10341000x8000000000000000259754Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:37:01.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259753Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:37:01.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259752Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:37:01.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259751Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:37:01.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259750Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:37:01.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259749Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:37:01.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259748Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:37:01.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259747Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:37:01.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259746Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:37:01.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259689Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:37:00.576{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259688Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:37:00.576{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259687Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:37:00.576{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259686Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:37:00.576{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259685Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:37:00.576{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259684Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:37:00.576{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259683Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:37:00.576{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259682Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:37:00.576{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259681Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:37:00.576{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259623Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:59.560{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259622Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:59.560{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259621Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:59.560{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259620Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:59.560{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259619Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:59.560{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259618Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:59.560{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259617Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:59.560{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259616Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:59.560{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259615Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:59.560{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259538Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:58.542{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259537Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:58.542{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259536Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:58.542{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259535Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:58.542{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259534Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:58.542{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259533Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:58.542{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259532Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:58.542{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259531Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:58.542{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259530Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:58.542{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259472Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:57.538{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259471Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:57.538{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259470Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:57.538{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259469Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:57.538{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259468Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:57.538{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259467Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:57.538{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259466Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:57.538{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259465Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:57.522{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259464Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:57.522{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259396Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:56.512{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259395Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:56.510{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259394Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:56.510{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259393Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:56.510{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259392Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:56.510{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259391Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:56.509{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259390Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:56.509{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259389Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:56.509{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259388Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:56.508{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259313Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:55.491{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259312Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:55.491{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259311Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:55.491{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259310Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:55.491{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259309Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:55.491{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259308Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:55.491{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259307Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:55.491{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259306Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:55.491{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259305Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:55.491{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259247Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:54.476{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259246Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:54.476{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259245Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:54.476{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259244Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:54.476{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259243Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:54.476{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259242Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:54.476{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259241Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:54.476{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259240Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:54.476{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259239Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:54.476{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259181Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:53.449{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259180Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:53.449{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259179Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:53.449{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259178Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:53.449{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259177Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:53.449{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259176Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:53.449{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259175Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:53.449{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259174Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:53.433{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259173Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:53.433{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259062Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:52.418{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259061Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:52.418{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259060Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:52.418{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259059Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:52.418{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259058Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:52.418{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259057Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:52.418{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259056Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:52.418{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259055Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:52.418{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259054Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:52.418{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258996Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:51.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258995Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:51.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258994Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:51.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258993Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:51.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258992Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:51.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258991Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:51.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258990Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:51.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258989Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:51.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258988Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:51.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258930Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:50.384{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258929Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:50.384{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258928Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:50.384{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258927Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:50.384{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258926Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:50.384{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258925Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:50.384{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258924Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:50.384{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258923Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:50.384{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258922Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:50.384{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258863Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:49.360{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258862Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:49.360{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258861Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:49.360{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258860Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:49.360{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258859Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:49.360{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258858Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:49.360{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258857Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:49.360{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258856Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:49.360{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258855Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:49.360{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258799Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:48.340{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258798Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:48.340{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258797Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:48.340{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258796Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:48.340{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258795Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:48.340{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258794Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:48.340{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258793Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:48.340{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258792Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:48.340{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258791Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:48.340{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258735Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:47.328{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258734Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:47.312{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258733Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:47.312{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258732Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:47.312{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258731Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:47.312{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258730Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:47.312{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258729Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:47.312{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258728Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:47.312{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258727Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:47.312{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258671Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:46.291{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258670Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:46.291{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258669Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:46.291{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258668Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:46.291{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258667Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:46.291{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258666Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:46.291{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258665Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:46.291{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258664Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:46.291{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258663Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:46.291{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258604Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:45.289{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258603Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:45.272{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258602Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:45.272{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258601Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:45.272{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258600Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:45.272{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258599Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:45.272{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258598Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:45.272{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258597Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:45.272{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258596Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:45.272{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258538Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:44.261{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258537Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:44.261{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258536Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:44.261{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258535Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:44.261{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258534Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:44.261{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258533Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:44.261{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258532Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:44.261{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258531Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:44.261{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258530Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:44.261{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258471Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:43.246{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258470Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:43.246{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258469Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:43.246{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258468Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:43.246{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258467Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:43.246{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258466Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:43.246{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258465Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:43.246{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258464Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:43.246{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258463Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:43.246{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258405Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:42.230{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258404Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:42.230{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258403Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:42.230{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258402Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:42.230{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258401Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:42.230{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258400Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:42.230{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258399Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:42.230{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258398Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:42.230{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258397Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:42.230{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258336Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:41.213{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258335Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:41.213{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258334Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:41.213{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258333Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:41.213{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258332Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:41.213{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258331Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:41.213{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258330Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:41.213{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258329Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:41.213{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258328Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:41.213{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258270Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:40.190{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258269Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:40.190{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258268Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:40.190{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258267Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:40.190{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258266Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:40.190{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258265Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:40.190{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258264Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:40.190{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258263Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:40.190{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258262Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:40.190{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258204Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:39.176{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258203Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:39.175{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258202Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:39.175{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258201Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:39.174{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258200Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:39.174{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258199Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:39.173{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258198Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:39.172{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258197Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:39.172{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258196Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:39.170{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258116Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:38.148{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258115Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:38.148{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258114Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:38.148{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258113Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:38.148{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258112Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:38.148{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258111Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:38.148{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258110Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:38.148{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258109Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:38.148{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258108Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:38.148{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258051Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:37.130{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258050Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:37.130{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258049Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:37.130{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258048Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:37.130{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258047Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:37.130{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258046Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:37.130{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258045Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:37.130{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258044Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:37.130{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258043Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:37.130{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257975Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:36.124{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257974Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:36.125{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257973Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:36.124{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257972Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:36.124{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257971Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:36.122{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257970Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:36.122{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257969Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:36.122{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257968Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:36.121{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257967Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:36.121{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257893Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:35.112{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257892Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:35.099{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257891Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:35.099{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257890Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:35.099{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257889Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:35.099{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257888Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:35.099{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257887Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:35.099{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257886Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:35.099{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257885Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:35.099{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257827Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:34.080{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257826Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:34.080{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257825Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:34.080{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257824Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:34.080{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257823Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:34.080{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257822Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:34.080{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257821Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:34.080{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257820Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:34.080{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257819Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:34.080{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257761Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:33.054{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257760Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:33.054{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257759Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:33.054{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257758Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:33.054{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257757Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:33.054{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257756Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:33.054{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257755Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:33.054{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257754Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:33.054{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257753Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:33.054{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257697Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:32.030{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257696Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:32.030{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257695Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:32.030{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257694Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:32.030{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257693Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:32.030{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257692Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:32.030{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257691Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:32.030{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257690Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:32.030{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257689Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:32.030{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257628Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:31.001{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257627Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:31.001{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257626Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:31.001{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257625Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:31.001{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257624Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:31.001{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257623Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:31.001{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257622Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:31.001{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257621Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:31.001{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257620Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:31.001{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257562Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:29.979{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257561Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:29.979{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257560Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:29.979{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257559Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:29.979{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257558Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:29.979{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257557Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:29.979{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257556Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:29.979{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257555Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:29.979{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257554Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:29.979{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257498Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:28.963{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257497Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:28.963{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257496Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:28.963{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257495Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:28.963{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257494Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:28.963{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257493Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:28.963{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257492Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:28.963{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257491Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:28.963{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257490Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:28.963{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257432Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:27.944{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257431Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:27.944{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257430Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:27.944{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257429Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:27.944{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257428Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:27.944{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257427Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:27.944{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257426Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:27.944{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257425Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:27.944{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257424Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:27.944{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257366Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:26.923{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257365Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:26.923{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257364Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:26.923{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257363Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:26.923{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257362Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:26.923{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257361Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:26.923{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257360Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:26.923{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257359Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:26.923{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257358Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:26.923{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257299Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:25.909{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257298Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:25.909{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257297Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:25.909{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257296Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:25.909{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257295Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:25.909{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257294Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:25.909{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257293Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:25.909{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257292Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:25.909{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257291Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:25.909{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257233Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:24.899{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257232Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:24.884{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257231Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:24.884{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257230Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:24.884{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257229Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:24.884{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257228Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:24.884{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257227Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:24.884{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257226Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:24.884{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257225Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:24.884{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257167Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:23.860{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257166Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:23.860{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257165Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:23.860{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257164Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:23.860{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257163Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:23.860{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257162Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:23.860{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257161Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:23.860{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257160Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:23.860{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257159Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:23.860{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257102Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:22.841{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257101Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:22.841{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257100Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:22.841{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257099Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:22.841{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257098Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:22.841{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257097Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:22.841{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257096Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:22.841{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257095Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:22.841{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257094Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:22.841{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257038Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:21.824{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257037Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:21.824{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257036Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:21.824{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257035Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:21.824{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257034Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:21.824{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257033Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:21.824{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257032Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:21.824{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257031Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:21.824{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257030Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:21.824{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256967Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:20.803{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256966Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:20.803{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256965Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:20.803{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256964Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:20.803{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256963Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:20.803{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256962Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:20.803{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256961Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:20.803{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256960Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:20.803{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256959Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:20.803{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256905Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:19.783{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256904Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:19.783{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256903Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:19.783{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256902Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:19.783{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256901Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:19.783{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256900Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:19.783{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256899Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:19.783{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256898Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:19.783{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256897Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:19.783{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256769Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:18.769{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256768Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:18.769{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256767Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:18.769{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256766Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:18.769{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256765Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:18.769{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256764Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:18.769{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256763Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:18.769{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256762Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:18.769{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256761Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:18.769{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256692Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:17.766{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256691Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:17.765{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256690Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:17.764{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256689Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:17.764{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256688Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:17.764{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256687Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:17.764{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256686Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:17.764{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256685Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:17.763{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256684Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:17.763{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256575Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:16.756{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256574Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:16.755{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256573Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:16.755{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256572Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:16.755{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256571Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:16.754{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256570Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:16.754{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256569Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:16.753{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256568Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:16.753{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256567Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:16.752{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256427Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:15.737{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256426Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:15.735{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256425Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:15.735{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256424Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:15.735{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256423Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:15.733{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256422Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:15.733{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256421Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:15.733{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256420Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:15.733{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256419Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:15.732{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256307Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:14.722{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256306Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:14.720{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256305Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:14.720{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256304Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:14.720{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256303Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:14.720{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256302Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:14.720{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256301Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:14.719{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256300Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:14.719{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256299Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:14.719{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256233Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:13.699{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256232Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:13.697{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256231Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:13.697{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256230Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:13.697{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256229Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:13.697{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256228Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:13.697{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256227Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:13.696{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256226Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:13.696{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256225Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:13.695{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256064Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:12.687{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256062Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:12.685{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256060Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:12.685{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256059Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:12.685{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256058Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:12.684{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256057Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:12.684{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256056Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:12.684{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256055Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:12.683{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256054Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:12.683{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255940Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:11.667{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255939Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:11.667{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255938Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:11.667{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255937Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:11.667{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255936Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:11.667{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255935Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:11.667{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255934Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:11.667{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255933Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:11.667{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255932Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:11.667{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255874Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:10.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255873Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:10.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255872Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:10.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255871Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:10.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255870Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:10.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255869Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:10.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255868Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:10.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255867Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:10.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255866Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:10.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255807Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:09.627{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255806Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:09.627{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255805Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:09.627{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255804Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:09.627{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255803Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:09.627{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255802Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:09.627{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255801Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:09.627{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255800Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:09.627{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255799Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:09.627{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255741Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:08.604{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255740Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:08.604{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255739Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:08.604{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255738Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:08.604{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255737Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:08.604{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255736Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:08.604{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255735Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:08.604{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255734Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:08.604{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255733Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:08.604{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255677Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:07.577{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255676Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:07.577{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255675Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:07.577{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255674Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:07.577{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255673Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:07.577{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255672Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:07.577{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255671Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:07.577{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255670Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:07.577{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255669Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:07.577{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255608Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:06.538{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255607Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:06.538{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255606Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:06.538{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255605Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:06.538{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255604Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:06.538{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255603Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:06.538{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255602Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:06.538{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255601Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:06.538{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255600Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:06.538{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255542Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:05.522{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255541Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:05.522{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255540Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:05.522{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255539Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:05.522{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255538Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:05.522{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255537Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:05.522{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255536Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:05.522{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255535Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:05.522{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255534Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:05.522{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255475Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:04.520{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255474Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:04.519{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255473Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:04.518{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255472Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:04.518{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255471Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:04.517{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255470Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:04.516{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255469Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:04.516{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255468Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:04.514{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255467Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:04.507{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255409Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:03.471{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255408Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:03.471{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255407Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:03.471{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255406Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:03.471{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255405Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:03.471{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255404Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:03.471{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255403Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:03.471{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255402Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:03.471{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255401Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:03.471{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255343Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:02.453{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255342Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:02.452{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255341Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:02.452{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255340Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:02.452{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255339Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:02.452{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255338Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:02.451{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255337Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:02.451{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255336Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:02.451{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255335Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:02.450{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255277Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:01.431{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255276Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:01.431{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255275Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:01.431{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255274Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:01.431{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255273Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:01.431{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255272Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:01.431{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255271Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:01.431{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255270Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:01.431{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255269Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:01.431{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255211Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:00.417{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255210Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:00.417{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255209Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:00.417{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255208Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:00.417{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255207Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:00.417{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255206Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:00.417{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255205Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:00.417{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255204Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:00.417{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255203Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:00.417{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255142Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:59.414{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255141Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:59.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255140Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:59.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255139Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:59.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255138Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:59.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255137Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:59.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255136Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:59.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255135Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:59.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255134Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:59.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255019Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:58.378{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255018Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:58.378{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255017Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:58.378{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255016Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:58.378{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255015Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:58.378{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255014Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:58.378{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255013Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:58.378{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255012Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:58.378{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255011Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:58.378{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254953Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:57.365{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254952Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:57.365{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254951Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:57.365{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254950Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:57.365{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254949Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:57.365{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254948Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:57.365{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254947Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:57.349{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254946Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:57.349{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254945Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:57.349{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254879Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:56.335{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254878Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:56.334{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254877Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:56.334{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254876Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:56.334{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254875Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:56.333{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254874Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:56.333{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254873Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:56.333{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254872Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:56.333{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254871Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:56.332{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254795Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:55.316{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254794Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:55.316{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254793Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:55.316{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254792Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:55.316{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254791Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:55.316{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254790Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:55.316{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254789Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:55.316{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254788Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:55.316{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254787Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:55.316{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254729Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:54.303{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254728Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:54.303{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254727Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:54.303{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254726Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:54.303{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254725Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:54.303{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254724Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:54.303{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254723Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:54.303{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254722Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:54.303{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254721Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:54.303{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254662Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:53.275{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254661Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:53.275{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254660Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:53.275{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254659Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:53.275{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254658Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:53.275{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254657Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:53.275{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254656Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:53.275{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254655Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:53.275{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254654Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:53.275{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254598Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:52.250{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254597Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:52.250{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254596Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:52.250{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254595Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:52.250{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254594Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:52.250{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254593Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:52.250{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254592Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:52.250{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254591Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:52.250{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254590Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:52.250{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254534Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:51.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254533Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:51.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254532Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:51.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254531Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:51.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254530Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:51.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254529Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:51.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254528Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:51.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254527Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:51.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254526Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:51.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254470Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:50.209{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254469Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:50.209{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254468Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:50.209{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254467Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:50.209{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254466Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:50.209{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254465Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:50.209{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254464Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:50.209{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254463Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:50.209{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254462Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:50.209{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254404Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:49.196{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254403Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:49.196{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254402Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:49.196{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254401Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:49.196{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254400Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:49.196{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254399Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:49.196{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254398Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:49.196{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254397Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:49.196{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254396Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:49.196{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254284Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:48.163{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254283Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:48.163{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254282Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:48.163{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254281Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:48.163{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254280Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:48.163{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254279Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:48.163{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254278Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:48.163{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254277Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:48.163{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254276Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:48.163{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254218Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:47.137{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254217Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:47.137{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254216Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:47.137{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254215Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:47.137{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254214Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:47.137{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254213Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:47.137{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254212Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:47.137{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254211Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:47.137{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254210Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:47.137{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254152Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:46.121{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254151Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:46.121{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254150Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:46.121{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254149Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:46.121{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254148Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:46.121{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254147Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:46.121{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254146Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:46.121{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254145Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:46.121{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254144Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:46.121{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254086Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:45.098{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254085Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:45.098{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254084Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:45.098{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254083Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:45.098{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254082Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:45.098{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254081Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:45.098{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254080Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:45.098{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254079Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:45.098{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254078Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:45.098{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254020Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:44.070{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254019Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:44.070{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254018Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:44.070{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254017Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:44.070{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254016Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:44.070{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254015Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:44.070{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254014Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:44.070{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254013Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:44.070{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000254012Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:44.070{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253954Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:43.058{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253953Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:43.058{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253952Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:43.058{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253951Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:43.058{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253950Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:43.058{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253949Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:43.058{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253948Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:43.058{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253947Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:43.058{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253946Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:43.058{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253887Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:42.047{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253886Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:42.047{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253885Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:42.047{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253884Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:42.047{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253883Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:42.047{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253882Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:42.047{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253881Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:42.047{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253880Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:42.047{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253879Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:42.047{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253822Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:41.018{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253821Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:41.018{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253820Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:41.018{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253819Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:41.018{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253818Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:41.018{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253817Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:41.018{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253816Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:41.018{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253815Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:41.018{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253814Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:41.018{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253756Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:39.995{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253755Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:39.995{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253754Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:39.995{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253753Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:39.995{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253752Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:39.995{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253751Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:39.995{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253750Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:39.995{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253749Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:39.995{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253748Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:39.995{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253683Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:38.986{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253682Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:38.985{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253681Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:38.985{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253680Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:38.985{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253679Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:38.984{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253678Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:38.984{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253677Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:38.983{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253676Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:38.983{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253675Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:38.982{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253602Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:37.961{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253601Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:37.961{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253600Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:37.961{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253599Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:37.961{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253598Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:37.961{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253597Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:37.961{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253596Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:37.961{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253595Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:37.961{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253594Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:37.961{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253536Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:36.945{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253535Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:36.945{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253534Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:36.945{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253533Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:36.945{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253532Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:36.945{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253531Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:36.945{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253530Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:36.945{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253529Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:36.945{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253528Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:36.945{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253454Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:35.941{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253452Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:35.936{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253451Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:35.936{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253450Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:35.930{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253449Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:35.927{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253448Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:35.927{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253447Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:35.927{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253446Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:35.925{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253444Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:35.918{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253377Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:34.885{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253376Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:34.885{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253375Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:34.885{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253374Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:34.885{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253373Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:34.885{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253372Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:34.885{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253371Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:34.885{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253370Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:34.885{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253369Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:34.885{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253311Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:33.873{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253310Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:33.873{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253309Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:33.873{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253308Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:33.873{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253307Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:33.873{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253306Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:33.873{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253305Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:33.873{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253304Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:33.873{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253303Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:33.873{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253247Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:32.850{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253246Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:32.850{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253245Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:32.850{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253244Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:32.850{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253243Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:32.850{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253242Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:32.850{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253241Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:32.850{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253240Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:32.850{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253239Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:32.850{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253181Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:31.824{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253180Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:31.824{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253179Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:31.824{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253178Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:31.824{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253177Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:31.824{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253176Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:31.824{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253175Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:31.824{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253174Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:31.824{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253173Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:31.824{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253116Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:30.812{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253115Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:30.812{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253114Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:30.812{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253113Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:30.812{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253112Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:30.812{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253111Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:30.812{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253110Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:30.812{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253109Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:30.812{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253108Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:30.812{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253050Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:29.792{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253049Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:29.792{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253048Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:29.792{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253047Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:29.792{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253046Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:29.792{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253045Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:29.792{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253044Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:29.792{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253043Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:29.792{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000253042Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:29.792{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252984Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:28.766{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252983Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:28.766{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252982Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:28.766{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252981Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:28.766{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252980Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:28.766{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252979Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:28.766{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252978Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:28.766{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252977Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:28.766{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252976Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:28.766{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252918Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:27.752{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252917Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:27.752{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252916Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:27.752{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252915Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:27.752{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252914Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:27.752{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252913Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:27.752{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252912Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:27.752{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252911Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:27.752{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252910Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:27.752{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252852Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:26.741{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252851Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:26.741{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252850Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:26.741{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252849Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:26.741{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252848Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:26.741{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252847Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:26.741{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252846Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:26.741{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252845Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:26.741{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252844Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:26.741{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252785Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:25.725{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252784Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:25.725{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252783Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:25.725{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252782Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:25.725{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252781Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:25.725{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252780Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:25.725{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252779Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:25.725{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252778Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:25.725{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252777Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:25.710{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252719Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:24.694{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252718Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:24.694{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252717Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:24.694{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252716Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:24.694{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252715Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:24.694{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252714Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:24.694{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252713Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:24.694{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252712Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:24.694{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252711Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:24.694{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252655Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:23.672{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252654Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:23.672{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252653Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:23.672{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252652Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:23.672{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252651Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:23.672{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252650Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:23.672{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252649Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:23.672{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252648Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:23.672{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252647Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:23.672{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252588Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:22.658{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252587Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:22.658{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252586Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:22.658{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252585Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:22.658{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252584Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:22.658{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252583Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:22.658{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252582Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:22.658{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252581Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:22.658{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252580Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:22.658{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252524Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:21.633{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252523Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:21.633{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252522Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:21.633{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252521Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:21.633{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252520Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:21.633{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252519Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:21.633{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252518Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:21.633{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252517Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:21.633{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252516Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:21.633{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252455Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:20.610{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252454Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:20.610{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252453Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:20.610{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252452Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:20.610{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252451Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:20.610{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252450Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:20.610{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252449Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:20.610{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252448Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:20.610{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252447Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:20.610{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252374Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:19.586{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252373Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:19.586{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252372Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:19.586{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252371Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:19.586{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252370Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:19.586{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252369Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:19.586{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252368Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:19.586{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252367Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:19.586{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252366Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:19.586{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252241Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:18.569{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252240Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:18.569{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252239Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:18.569{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252238Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:18.569{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252237Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:18.569{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252236Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:18.569{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252235Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:18.569{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252234Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:18.569{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252233Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:18.569{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252163Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:17.552{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252162Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:17.552{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252161Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:17.552{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252160Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:17.552{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252159Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:17.552{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252158Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:17.552{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252157Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:17.552{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252156Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:17.552{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252155Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:17.552{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252041Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:16.534{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252040Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:16.534{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252039Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:16.534{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252038Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:16.534{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252037Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:16.534{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252036Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:16.534{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252035Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:16.534{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252034Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:16.534{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000252033Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:16.534{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251842Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:15.520{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251841Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:15.520{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251840Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:15.520{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251839Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:15.520{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251838Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:15.520{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251837Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:15.520{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251836Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:15.520{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251835Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:15.520{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251834Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:15.520{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251776Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:14.500{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251775Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:14.500{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251774Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:14.500{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251773Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:14.500{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251772Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:14.500{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251771Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:14.500{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251770Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:14.500{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251769Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:14.500{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251768Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:14.500{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251652Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:13.484{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251651Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:13.484{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251650Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:13.484{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251649Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:13.484{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251648Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:13.484{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251647Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:13.484{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251646Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:13.484{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251645Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:13.484{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251644Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:13.484{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251520Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:12.471{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251519Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:12.471{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251518Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:12.471{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251517Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:12.471{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251516Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:12.471{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251515Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:12.471{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251514Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:12.471{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251513Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:12.471{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251512Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:12.471{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251389Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:11.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251388Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:11.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251387Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:11.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251386Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:11.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251385Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:11.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251384Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:11.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251383Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:11.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251382Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:11.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251381Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:11.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251321Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:10.442{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251320Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:10.442{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251319Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:10.442{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251318Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:10.442{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251317Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:10.442{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251316Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:10.442{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251315Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:10.442{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251314Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:10.442{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251313Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:10.442{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251259Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:09.426{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251258Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:09.426{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251257Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:09.426{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251256Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:09.426{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251255Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:09.426{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251254Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:09.426{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251253Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:09.426{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251252Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:09.426{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251251Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:09.426{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251193Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:08.406{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251192Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:08.406{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251191Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:08.406{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251190Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:08.406{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251189Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:08.406{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251188Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:08.406{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251187Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:08.406{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251186Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:08.406{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251185Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:08.406{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251125Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:07.395{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251124Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:07.395{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251123Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:07.395{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251122Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:07.395{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251121Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:07.395{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251120Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:07.395{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251119Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:07.395{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251118Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:07.395{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251117Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:07.395{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251057Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:06.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251056Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:06.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251055Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:06.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251054Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:06.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251053Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:06.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251052Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:06.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251051Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:06.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251050Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:06.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000251049Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:06.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250990Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:05.361{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250989Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:05.361{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250988Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:05.361{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250987Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:05.361{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250986Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:05.361{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250985Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:05.361{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250984Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:05.361{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250983Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:05.361{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250982Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:05.361{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250921Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:04.347{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250920Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:04.347{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250919Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:04.347{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250918Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:04.347{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250917Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:04.347{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250916Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:04.347{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250915Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:04.347{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250914Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:04.347{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250913Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:04.347{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250855Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:03.341{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250854Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:03.341{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250853Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:03.341{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250852Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:03.341{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250851Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:03.325{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250850Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:03.325{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250849Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:03.325{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250848Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:03.325{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250847Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:03.325{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250789Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:02.299{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250788Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:02.299{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250787Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:02.299{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250786Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:02.299{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250785Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:02.299{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250784Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:02.299{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250783Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:02.299{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250782Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:02.299{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250781Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:02.299{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250722Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:01.285{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250721Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:01.285{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250720Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:01.285{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250719Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:01.285{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250718Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:01.285{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250717Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:01.285{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250716Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:01.285{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250715Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:01.285{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250714Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:01.285{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250648Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:00.264{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250647Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:00.264{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250646Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:00.264{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250645Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:00.264{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250644Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:00.264{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250643Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:00.264{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250642Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:00.264{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250641Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:00.264{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250640Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:35:00.264{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250580Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:59.250{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250579Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:59.250{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250578Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:59.250{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250577Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:59.250{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250576Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:59.250{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250575Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:59.250{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250574Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:59.250{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250573Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:59.250{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250572Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:59.250{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250474Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:58.227{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250473Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:58.227{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250472Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:58.227{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250471Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:58.227{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250470Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:58.227{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250469Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:58.227{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250468Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:58.227{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250467Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:58.227{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250466Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:58.227{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250410Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:57.210{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250409Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:57.210{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250408Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:57.210{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250407Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:57.210{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250406Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:57.210{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250405Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:57.210{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250404Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:57.210{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250403Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:57.210{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250402Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:57.210{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250337Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:56.203{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250336Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:56.202{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250335Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:56.202{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250334Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:56.201{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250333Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:56.201{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250332Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:56.201{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250331Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:56.200{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250330Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:56.200{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250329Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:56.199{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250251Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:55.176{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250250Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:55.176{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250249Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:55.176{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250248Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:55.176{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250247Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:55.176{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250246Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:55.176{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250245Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:55.176{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250244Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:55.176{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250243Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:55.176{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250185Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:54.158{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250184Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:54.158{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250183Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:54.158{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250182Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:54.158{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250181Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:54.158{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250180Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:54.158{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250179Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:54.158{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250178Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:54.158{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250177Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:54.158{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250119Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:53.135{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250118Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:53.135{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250117Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:53.135{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250116Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:53.135{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250115Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:53.135{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250114Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:53.135{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250113Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:53.135{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250112Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:53.135{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250111Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:53.135{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250054Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:52.122{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250053Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:52.122{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250052Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:52.122{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250051Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:52.122{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250050Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:52.122{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250049Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:52.122{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250048Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:52.122{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250047Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:52.122{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000250046Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:52.122{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249986Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:51.102{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249985Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:51.102{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249984Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:51.102{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249983Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:51.102{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249982Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:51.102{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249981Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:51.102{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249980Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:51.102{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249979Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:51.102{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249978Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:51.102{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249920Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:50.078{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249919Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:50.078{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249918Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:50.078{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249917Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:50.078{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249916Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:50.078{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249915Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:50.078{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249914Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:50.078{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249913Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:50.078{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249912Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:50.078{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249856Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:49.061{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249855Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:49.061{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249854Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:49.061{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249853Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:49.061{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249852Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:49.061{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249851Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:49.061{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249850Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:49.061{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249849Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:49.061{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249848Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:49.061{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249794Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:48.045{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249793Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:48.045{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249792Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:48.045{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249791Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:48.045{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249790Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:48.045{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249789Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:48.045{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249788Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:48.045{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249787Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:48.045{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249786Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:48.045{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249727Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:47.031{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249726Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:47.031{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249725Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:47.031{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249724Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:47.031{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249723Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:47.031{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249722Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:47.031{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249721Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:47.031{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249720Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:47.031{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249719Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:47.031{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249661Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:46.015{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249660Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:46.015{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249659Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:46.015{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249658Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:46.015{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249657Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:46.015{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249656Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:46.015{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249655Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:46.015{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249654Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:46.015{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249653Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:46.015{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249595Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:44.999{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249594Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:44.999{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249593Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:44.999{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249592Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:44.999{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249591Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:44.999{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249590Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:44.999{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249589Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:44.999{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249588Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:44.999{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249587Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:44.999{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249529Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:43.985{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249528Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:43.985{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249527Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:43.985{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249526Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:43.985{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249525Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:43.985{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249524Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:43.985{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249523Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:43.985{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249522Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:43.985{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249521Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:43.985{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249460Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:42.963{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249459Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:42.963{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249458Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:42.963{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249457Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:42.963{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249456Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:42.963{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249455Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:42.963{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249454Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:42.963{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249453Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:42.963{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249452Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:42.963{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249392Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:41.953{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249391Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:41.953{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249390Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:41.953{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249389Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:41.937{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249388Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:41.937{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249387Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:41.937{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249386Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:41.937{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249385Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:41.937{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249384Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:41.937{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249324Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:40.920{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249323Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:40.920{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249322Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:40.920{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249321Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:40.920{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249320Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:40.920{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249319Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:40.920{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249318Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:40.920{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249317Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:40.920{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249316Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:40.920{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249258Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:39.904{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249257Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:39.904{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249256Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:39.904{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249255Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:39.904{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249254Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:39.904{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249253Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:39.904{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249252Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:39.904{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249251Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:39.904{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249250Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:39.904{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249178Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:38.894{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249177Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:38.892{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249176Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:38.892{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249175Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:38.892{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249174Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:38.892{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249172Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:38.891{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249171Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:38.891{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249170Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:38.891{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249169Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:38.890{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249104Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:37.852{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249103Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:37.852{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249102Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:37.852{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249101Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:37.852{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249100Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:37.852{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249099Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:37.852{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249098Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:37.852{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249097Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:37.852{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249096Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:37.852{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249038Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:36.821{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249037Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:36.821{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249036Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:36.821{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249035Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:36.821{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249034Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:36.821{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249033Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:36.821{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249032Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:36.821{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249031Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:36.821{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000249030Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:36.821{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248948Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:35.817{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248947Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:35.816{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248946Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:35.816{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248945Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:35.816{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248944Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:35.815{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248943Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:35.815{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248942Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:35.815{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248941Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:35.814{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248940Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:35.814{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248868Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:34.794{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248867Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:34.794{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248866Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:34.794{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248865Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:34.794{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248864Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:34.794{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248863Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:34.794{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248862Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:34.794{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248861Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:34.794{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248860Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:34.794{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248799Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:33.777{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248798Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:33.777{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248797Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:33.777{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248796Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:33.777{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248795Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:33.777{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248794Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:33.777{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248793Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:33.777{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248792Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:33.777{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248791Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:33.777{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248726Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:32.763{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248725Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:32.763{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248724Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:32.763{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248723Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:32.763{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248722Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:32.763{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248721Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:32.763{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248720Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:32.763{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248719Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:32.763{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248718Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:32.763{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248660Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:31.723{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248659Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:31.723{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248658Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:31.723{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248657Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:31.723{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248656Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:31.723{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248655Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:31.723{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248654Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:31.723{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248653Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:31.723{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248652Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:31.723{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248541Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:30.712{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248540Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:30.712{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248539Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:30.712{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248538Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:30.712{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248537Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:30.712{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248536Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:30.712{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248535Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:30.712{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248534Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:30.712{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248533Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:30.712{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248474Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:29.688{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248473Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:29.688{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248472Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:29.688{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248471Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:29.688{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248470Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:29.688{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248469Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:29.688{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248468Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:29.688{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248467Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:29.688{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248466Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:29.688{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248408Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:28.669{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248407Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:28.669{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248406Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:28.669{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248405Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:28.669{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248404Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:28.669{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248403Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:28.669{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248402Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:28.669{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248401Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:28.669{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248400Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:28.669{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248344Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:27.648{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248343Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:27.648{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248342Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:27.648{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248341Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:27.648{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248340Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:27.648{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248339Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:27.648{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248338Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:27.648{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248337Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:27.648{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248336Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:27.648{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248279Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:26.626{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248278Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:26.626{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248277Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:26.626{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248276Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:26.626{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248275Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:26.626{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248274Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:26.626{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248273Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:26.626{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248272Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:26.626{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248271Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:26.626{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248215Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:25.603{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248214Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:25.603{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248213Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:25.603{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248212Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:25.603{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248211Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:25.603{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248210Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:25.603{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248209Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:25.603{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248208Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:25.603{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248207Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:25.603{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248148Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:24.577{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248147Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:24.577{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248146Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:24.577{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248145Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:24.577{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248144Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:24.577{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248143Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:24.577{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248142Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:24.577{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248141Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:24.577{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248140Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:24.577{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248082Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:23.566{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248081Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:23.566{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248080Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:23.566{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248079Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:23.566{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248078Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:23.566{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248077Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:23.566{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248076Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:23.566{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248075Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:23.566{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248074Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:23.566{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248017Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:22.550{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248016Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:22.550{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248015Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:22.550{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248014Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:22.550{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248013Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:22.550{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248012Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:22.550{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248011Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:22.550{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248010Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:22.550{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000248009Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:22.550{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247948Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:21.531{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247947Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:21.531{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247946Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:21.531{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247945Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:21.531{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247944Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:21.531{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247943Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:21.531{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247942Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:21.531{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247941Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:21.531{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247940Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:21.531{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247880Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:20.518{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247879Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:20.518{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247878Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:20.518{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247877Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:20.518{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247876Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:20.518{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247875Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:20.518{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247874Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:20.518{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247873Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:20.518{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247872Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:20.518{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247812Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:19.507{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247811Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:19.507{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247810Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:19.507{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247809Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:19.507{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247808Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:19.507{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247807Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:19.507{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247806Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:19.507{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247805Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:19.507{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247804Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:19.507{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247676Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:18.495{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247675Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:18.495{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247674Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:18.495{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247673Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:18.495{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247672Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:18.495{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247671Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:18.495{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247670Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:18.495{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247669Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:18.495{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247668Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:18.495{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247597Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:17.475{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247596Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:17.475{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247595Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:17.475{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247594Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:17.475{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247593Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:17.475{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247592Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:17.475{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247591Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:17.475{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247590Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:17.475{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247589Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:17.475{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247472Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:16.474{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247471Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:16.473{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247470Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:16.473{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247469Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:16.473{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247468Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:16.472{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247467Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:16.472{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247466Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:16.471{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247465Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:16.471{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247463Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:16.470{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247270Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:15.454{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247269Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:15.454{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247268Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:15.454{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247267Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:15.454{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247266Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:15.454{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247265Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:15.454{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247264Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:15.454{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247263Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:15.454{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247262Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:15.454{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247204Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:14.434{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247203Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:14.434{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247202Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:14.434{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247201Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:14.434{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247200Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:14.434{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247199Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:14.434{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247198Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:14.434{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247197Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:14.434{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247196Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:14.434{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247073Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:13.423{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247072Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:13.423{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247071Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:13.423{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247070Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:13.423{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247069Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:13.423{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247068Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:13.423{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247067Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:13.423{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247066Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:13.423{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000247065Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:13.423{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246950Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:12.407{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246949Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:12.407{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246948Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:12.407{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246947Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:12.407{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246946Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:12.407{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246945Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:12.407{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246944Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:12.407{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246943Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:12.407{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246942Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:12.407{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246829Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:11.396{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246828Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:11.396{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246827Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:11.396{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246826Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:11.396{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246825Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:11.396{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246824Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:11.396{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246823Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:11.396{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246822Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:11.396{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246821Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:11.396{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246763Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:10.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246762Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:10.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246761Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:10.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246760Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:10.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246759Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:10.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246758Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:10.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246757Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:10.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246756Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:10.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246755Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:10.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246699Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:09.354{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246698Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:09.354{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246697Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:09.354{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246696Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:09.354{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246695Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:09.354{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246694Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:09.354{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246693Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:09.354{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246692Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:09.354{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246691Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:09.354{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246635Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:08.344{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246634Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:08.342{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246633Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:08.342{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246632Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:08.342{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246631Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:08.341{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246630Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:08.341{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246629Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:08.341{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246628Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:08.340{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246627Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:08.340{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246567Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:07.332{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246566Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:07.331{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246565Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:07.330{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246564Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:07.330{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246563Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:07.330{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246562Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:07.330{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246561Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:07.329{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246560Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:07.329{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246559Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:07.327{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246501Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:06.320{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246500Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:06.319{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246499Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:06.319{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246498Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:06.318{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246497Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:06.318{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246496Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:06.318{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246495Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:06.318{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246494Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:06.317{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246493Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:06.317{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246435Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:05.299{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246434Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:05.298{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246433Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:05.297{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246432Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:05.297{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246431Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:05.297{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246430Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:05.297{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246429Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:05.297{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246428Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:05.296{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246427Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:05.296{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246368Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:04.289{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246367Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:04.287{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246366Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:04.287{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246365Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:04.287{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246364Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:04.287{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246363Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:04.286{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246362Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:04.286{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246361Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:04.286{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246360Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:04.285{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246299Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:03.277{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246298Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:03.275{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246297Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:03.275{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246296Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:03.275{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246295Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:03.274{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246294Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:03.274{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246293Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:03.274{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246292Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:03.274{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246291Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:03.273{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246235Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:02.242{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246234Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:02.241{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246233Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:02.241{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246232Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:02.241{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246231Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:02.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246230Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:02.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246229Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:02.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246228Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:02.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246227Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:02.239{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246168Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:01.223{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246167Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:01.222{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246166Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:01.222{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246165Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:01.221{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246164Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:01.221{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246163Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:01.221{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246162Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:01.221{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246161Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:01.220{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246160Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:01.220{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246102Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:00.213{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246101Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:00.212{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246100Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:00.212{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246099Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:00.212{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246098Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:00.212{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246097Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:00.211{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246096Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:00.211{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246095Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:00.211{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246094Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:34:00.210{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246036Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:59.200{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246035Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:59.199{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246034Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:59.199{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246033Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:59.184{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246032Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:59.184{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246031Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:59.184{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246030Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:59.184{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246029Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:59.184{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000246028Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:59.184{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245949Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:58.163{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245948Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:58.163{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245947Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:58.163{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245946Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:58.163{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245945Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:58.163{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245944Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:58.163{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245943Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:58.163{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245942Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:58.163{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245941Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:58.163{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245883Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:57.161{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245882Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:57.160{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245881Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:57.160{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245880Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:57.160{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245879Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:57.159{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245878Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:57.159{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245877Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:57.159{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245876Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:57.158{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245875Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:57.158{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245808Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:56.144{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245807Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:56.143{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245806Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:56.143{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245805Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:56.142{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245804Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:56.142{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245803Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:56.142{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245802Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:56.142{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245801Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:56.141{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245800Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:56.140{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245724Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:55.133{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245723Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:55.131{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245722Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:55.131{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245721Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:55.131{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245720Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:55.131{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245719Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:55.129{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245718Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:55.129{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245717Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:55.129{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245716Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:55.128{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245658Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:54.095{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245657Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:54.095{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245656Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:54.095{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245655Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:54.095{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245654Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:54.095{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245653Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:54.095{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245652Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:54.095{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245651Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:54.095{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245650Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:54.095{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245592Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:53.074{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245591Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:53.074{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245590Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:53.074{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245589Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:53.074{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245588Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:53.074{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245587Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:53.074{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245586Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:53.074{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245585Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:53.074{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245584Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:53.074{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245526Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:52.049{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245525Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:52.049{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245524Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:52.049{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245523Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:52.049{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245522Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:52.049{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245521Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:52.049{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245520Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:52.049{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245519Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:52.049{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245518Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:52.049{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245462Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:51.024{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245461Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:51.024{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245460Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:51.024{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245459Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:51.024{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245458Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:51.024{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245457Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:51.024{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245456Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:51.024{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245455Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:51.024{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245454Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:51.024{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245395Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:50.021{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245394Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:50.020{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245393Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:50.020{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245392Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:50.020{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245391Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:50.020{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245390Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:50.019{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245389Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:50.019{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245388Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:50.019{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245387Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:50.018{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245329Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:49.010{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245328Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:49.009{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245327Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:49.008{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245326Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:49.008{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245325Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:49.008{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245324Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:49.008{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245323Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:49.008{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245322Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:49.004{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245321Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:49.001{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245265Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:47.995{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245264Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:47.994{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245263Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:47.994{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245262Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:47.994{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245261Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:47.993{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245260Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:47.993{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245259Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:47.993{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245258Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:47.992{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245257Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:47.992{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245199Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:46.969{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245198Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:46.968{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245197Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:46.968{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245196Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:46.968{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245195Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:46.967{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245194Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:46.967{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245193Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:46.967{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245192Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:46.966{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245191Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:46.966{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245133Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:45.960{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245132Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:45.958{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245131Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:45.958{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245130Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:45.958{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245129Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:45.958{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245128Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:45.958{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245127Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:45.957{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245126Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:45.956{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245125Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:45.956{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245066Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:44.938{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245065Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:44.938{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245064Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:44.938{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245063Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:44.938{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245062Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:44.938{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245061Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:44.938{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245060Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:44.938{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245059Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:44.938{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245058Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:44.938{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000245000Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:43.919{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244999Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:43.919{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244998Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:43.919{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244997Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:43.919{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244996Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:43.919{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244995Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:43.919{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244994Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:43.919{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244993Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:43.919{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244992Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:43.919{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244934Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:42.896{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244933Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:42.896{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244932Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:42.896{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244931Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:42.896{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244930Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:42.896{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244929Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:42.896{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244928Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:42.896{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244927Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:42.896{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244926Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:42.896{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244865Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:41.881{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244864Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:41.881{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244863Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:41.881{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244862Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:41.881{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244861Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:41.881{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244860Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:41.881{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244859Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:41.881{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244858Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:41.881{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244857Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:41.881{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244799Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:40.867{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244798Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:40.867{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244797Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:40.867{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244796Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:40.867{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244795Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:40.867{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244794Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:40.867{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244793Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:40.867{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244792Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:40.867{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244791Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:40.867{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244735Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:39.841{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244734Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:39.841{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244733Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:39.841{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244732Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:39.841{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244731Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:39.841{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244730Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:39.841{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244729Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:39.841{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244728Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:39.841{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244727Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:39.841{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244647Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:38.819{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244646Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:38.819{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244645Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:38.819{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244644Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:38.819{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244643Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:38.819{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244642Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:38.819{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244641Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:38.819{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244640Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:38.819{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244639Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:38.819{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244580Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:37.802{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244579Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:37.802{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244578Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:37.802{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244577Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:37.802{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244576Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:37.802{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244575Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:37.802{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244574Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:37.802{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244573Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:37.802{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244572Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:37.802{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244513Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:36.779{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244512Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:36.779{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244511Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:36.779{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244510Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:36.779{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244509Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:36.779{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244508Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:36.779{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244507Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:36.779{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244506Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:36.779{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244505Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:36.779{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244423Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:35.766{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244422Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:35.766{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244421Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:35.766{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244420Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:35.766{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244419Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:35.766{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244418Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:35.766{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244417Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:35.766{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244416Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:35.766{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244415Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:35.766{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244357Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:34.750{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244356Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:34.750{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244355Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:34.750{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244354Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:34.750{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244353Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:34.750{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244352Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:34.750{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244351Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:34.750{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244350Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:34.750{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244349Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:34.750{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244291Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:33.736{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244290Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:33.736{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244289Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:33.736{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244288Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:33.736{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244287Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:33.736{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244286Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:33.736{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244285Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:33.736{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244284Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:33.736{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244283Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:33.736{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244224Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:32.713{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244223Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:32.713{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244222Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:32.713{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244221Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:32.713{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244220Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:32.713{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244219Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:32.713{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244218Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:32.713{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244217Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:32.713{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244216Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:32.713{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244158Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:31.694{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244157Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:31.694{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244156Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:31.694{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244155Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:31.694{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244154Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:31.694{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244153Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:31.694{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244152Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:31.694{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244151Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:31.694{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244150Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:31.694{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244092Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:30.681{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244091Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:30.681{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244090Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:30.681{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244089Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:30.681{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244088Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:30.681{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244087Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:30.681{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244086Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:30.681{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244085Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:30.681{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244084Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:30.681{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244026Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:29.671{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244025Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:29.671{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244024Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:29.671{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244023Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:29.671{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244022Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:29.671{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244021Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:29.671{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244020Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:29.671{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244019Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:29.670{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000244018Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:29.669{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243959Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:28.651{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243958Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:28.651{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243957Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:28.651{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243956Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:28.651{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243955Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:28.651{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243954Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:28.651{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243953Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:28.651{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243952Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:28.651{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243951Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:28.651{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243895Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:27.632{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243894Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:27.632{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243893Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:27.632{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243892Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:27.632{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243891Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:27.632{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243890Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:27.632{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243889Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:27.632{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243888Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:27.632{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243887Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:27.632{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243828Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:26.615{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243827Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:26.615{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243826Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:26.615{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243825Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:26.615{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243824Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:26.615{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243823Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:26.615{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243822Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:26.615{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243821Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:26.615{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243820Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:26.615{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243764Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:25.598{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243763Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:25.598{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243762Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:25.598{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243761Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:25.598{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243760Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:25.598{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243759Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:25.598{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243758Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:25.598{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243757Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:25.598{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243756Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:25.598{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243698Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:24.575{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243697Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:24.575{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243696Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:24.575{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243695Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:24.575{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243694Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:24.575{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243693Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:24.575{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243692Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:24.575{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243691Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:24.575{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243690Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:24.575{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243632Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:23.564{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243631Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:23.564{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243630Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:23.564{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243629Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:23.564{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243628Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:23.564{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243627Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:23.564{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243626Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:23.564{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243625Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:23.564{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243624Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:23.564{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243565Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:22.547{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243564Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:22.547{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243563Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:22.547{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243562Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:22.547{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243561Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:22.547{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243560Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:22.547{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243559Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:22.547{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243558Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:22.547{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243557Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:22.547{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243498Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:21.528{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243497Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:21.528{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243496Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:21.528{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243495Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:21.528{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243494Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:21.528{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243493Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:21.528{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243492Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:21.528{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243491Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:21.528{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243490Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:21.528{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243430Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:20.517{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243429Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:20.517{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243428Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:20.517{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243427Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:20.517{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243426Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:20.517{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243425Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:20.517{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243424Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:20.517{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243423Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:20.517{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243422Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:20.517{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243366Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:19.506{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243365Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:19.492{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243364Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:19.492{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243363Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:19.492{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243362Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:19.492{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243361Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:19.492{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243360Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:19.492{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243359Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:19.492{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243358Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:19.492{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243228Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:18.470{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243227Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:18.470{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243226Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:18.470{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243225Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:18.470{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243224Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:18.470{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243223Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:18.470{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243222Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:18.470{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243221Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:18.470{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243220Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:18.470{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243148Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:17.445{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243147Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:17.445{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243146Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:17.445{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243145Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:17.445{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243144Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:17.445{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243143Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:17.445{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243142Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:17.445{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243141Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:17.445{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243140Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:17.445{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243031Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:16.432{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243030Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:16.432{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243029Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:16.432{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243028Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:16.432{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243027Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:16.432{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243026Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:16.432{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243025Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:16.432{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243024Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:16.432{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000243023Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:16.432{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242822Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:15.416{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242821Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:15.416{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242820Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:15.416{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242819Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:15.416{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242818Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:15.416{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242817Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:15.416{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242816Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:15.416{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242815Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:15.416{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242814Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:15.416{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242756Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:14.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242755Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:14.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242754Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:14.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242753Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:14.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242752Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:14.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242751Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:14.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242750Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:14.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242749Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:14.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242748Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:14.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242633Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:13.387{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242632Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:13.387{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242631Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:13.387{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242630Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:13.387{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242629Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:13.387{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242628Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:13.387{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242627Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:13.387{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242626Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:13.387{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242625Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:13.387{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242512Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:12.366{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242511Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:12.366{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242510Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:12.366{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242509Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:12.366{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242508Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:12.366{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242507Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:12.366{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242506Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:12.366{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242505Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:12.366{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242504Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:12.366{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242387Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:11.356{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242386Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:11.340{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242385Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:11.340{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242384Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:11.340{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242383Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:11.340{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242382Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:11.340{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242381Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:11.340{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242380Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:11.340{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242379Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:11.340{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242321Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:10.324{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242320Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:10.324{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242319Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:10.324{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242318Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:10.324{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242317Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:10.324{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242316Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:10.324{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242315Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:10.324{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242314Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:10.324{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242313Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:10.324{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242257Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:09.282{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242256Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:09.282{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242255Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:09.282{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242254Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:09.282{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242253Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:09.282{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242252Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:09.282{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242251Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:09.282{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242250Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:09.282{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242249Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:09.282{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242192Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:08.268{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242191Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:08.266{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242190Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:08.266{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242189Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:08.266{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242188Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:08.265{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242187Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:08.265{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242186Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:08.265{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242185Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:08.264{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242184Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:08.264{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242128Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:07.241{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242127Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:07.241{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242126Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:07.241{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242125Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:07.241{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242124Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:07.241{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242123Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:07.241{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242122Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:07.241{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242121Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:07.241{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242120Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:07.241{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242064Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:06.216{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242063Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:06.216{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242062Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:06.216{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242061Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:06.216{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242060Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:06.216{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242059Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:06.216{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242056Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:06.216{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242055Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:06.216{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000242054Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:06.216{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241945Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:05.195{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241944Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:05.195{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241943Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:05.195{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241942Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:05.195{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241941Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:05.195{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241940Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:05.195{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241939Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:05.195{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241938Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:05.195{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241937Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:05.195{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241878Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:04.170{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241877Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:04.170{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241876Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:04.170{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241875Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:04.170{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241874Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:04.170{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241873Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:04.170{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241872Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:04.170{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241871Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:04.170{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241870Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:04.170{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241812Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:03.151{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241811Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:03.151{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241810Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:03.151{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241809Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:03.151{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241808Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:03.151{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241807Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:03.151{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241806Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:03.151{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241805Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:03.151{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241804Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:03.151{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241745Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:02.136{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241744Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:02.136{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241743Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:02.136{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241742Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:02.136{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241741Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:02.136{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241740Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:02.136{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241739Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:02.136{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241738Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:02.136{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241737Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:02.136{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241676Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:01.115{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241675Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:01.115{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241674Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:01.115{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241673Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:01.115{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241672Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:01.115{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241671Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:01.115{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241670Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:01.115{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241669Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:01.115{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241668Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:01.115{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241612Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:00.095{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241611Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:00.095{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241610Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:00.095{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241609Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:00.095{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241608Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:00.095{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241607Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:00.095{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241606Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:00.095{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241605Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:00.095{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241604Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:33:00.095{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241512Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:59.071{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241511Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:59.071{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241510Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:59.071{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241509Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:59.071{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241508Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:59.071{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241507Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:59.071{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241506Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:59.071{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241505Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:59.071{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241504Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:59.071{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241425Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:58.044{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241424Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:58.044{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241423Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:58.044{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241422Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:58.044{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241421Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:58.044{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241420Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:58.044{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241419Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:58.044{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241418Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:58.044{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241417Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:58.044{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241361Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:57.023{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241360Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:57.023{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241359Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:57.023{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241358Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:57.023{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241357Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:57.023{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241356Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:57.023{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241355Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:57.023{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241354Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:57.023{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241353Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:57.023{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241287Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:56.020{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241286Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:56.019{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241285Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:56.019{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241284Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:56.019{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241283Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:56.018{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241282Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:56.018{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241281Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:56.018{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241280Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:56.017{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241279Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:56.017{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241205Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:54.996{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241204Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:54.996{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241203Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:54.996{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241202Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:54.996{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241201Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:54.996{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241200Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:54.996{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241199Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:54.996{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241198Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:54.996{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241197Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:54.996{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241138Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:53.983{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241137Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:53.983{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241136Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:53.983{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241135Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:53.983{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241134Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:53.983{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241133Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:53.983{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241132Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:53.983{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241131Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:53.983{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241130Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:53.983{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241072Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:52.968{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241071Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:52.968{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241070Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:52.968{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241069Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:52.968{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241068Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:52.968{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241067Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:52.968{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241066Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:52.968{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241065Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:52.968{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241064Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:52.968{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241006Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:51.939{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241005Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:51.939{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241004Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:51.939{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241003Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:51.939{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241002Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:51.939{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241001Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:51.939{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000241000Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:51.939{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240999Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:51.939{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240998Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:51.939{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240940Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:50.925{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240939Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:50.925{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240938Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:50.925{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240937Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:50.925{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240936Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:50.925{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240935Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:50.925{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240934Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:50.925{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240933Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:50.925{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240932Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:50.925{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240874Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:49.889{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240873Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:49.889{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240872Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:49.889{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240871Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:49.889{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240870Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:49.889{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240869Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:49.889{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240868Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:49.889{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240867Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:49.889{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240866Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:49.889{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240808Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:48.874{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240807Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:48.874{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240806Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:48.874{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240805Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:48.874{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240804Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:48.874{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240803Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:48.874{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240802Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:48.874{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240801Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:48.874{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240800Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:48.874{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240741Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:47.856{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240740Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:47.856{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240739Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:47.856{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240738Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:47.856{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240737Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:47.856{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240736Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:47.856{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240735Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:47.856{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240734Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:47.856{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240733Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:47.856{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240677Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:46.830{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240676Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:46.830{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240675Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:46.830{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240674Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:46.830{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240673Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:46.830{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240672Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:46.830{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240671Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:46.830{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240670Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:46.830{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240669Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:46.830{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240611Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:45.819{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240610Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:45.818{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240609Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:45.818{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240608Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:45.817{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240607Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:45.814{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240606Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:45.814{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240605Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:45.813{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240604Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:45.813{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240603Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:45.812{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240545Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:44.795{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240544Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:44.795{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240543Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:44.795{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240542Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:44.795{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240541Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:44.795{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240540Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:44.795{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240539Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:44.795{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240538Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:44.795{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240537Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:44.795{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240479Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:43.777{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240478Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:43.777{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240477Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:43.777{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240476Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:43.777{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240475Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:43.777{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240474Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:43.777{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240473Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:43.777{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240472Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:43.777{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240471Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:43.777{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240413Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:42.763{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240412Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:42.763{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240411Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:42.763{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240410Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:42.763{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240409Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:42.763{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240408Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:42.763{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240407Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:42.763{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240406Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:42.763{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240405Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:42.763{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240344Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:41.747{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240343Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:41.747{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240342Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:41.747{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240341Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:41.747{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240340Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:41.747{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240339Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:41.747{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240338Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:41.747{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240337Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:41.747{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240336Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:41.747{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240279Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:40.728{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240278Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:40.728{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240277Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:40.728{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240276Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:40.728{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240275Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:40.728{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240274Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:40.728{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240273Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:40.728{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240272Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:40.728{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240271Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:40.728{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240213Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:39.711{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240212Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:39.711{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240211Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:39.711{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240210Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:39.711{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240209Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:39.711{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240208Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:39.711{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240207Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:39.711{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240206Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:39.711{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240205Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:39.711{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240128Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:38.697{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240127Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:38.697{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240126Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:38.697{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240125Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:38.697{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240124Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:38.697{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240123Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:38.697{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240122Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:38.697{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240121Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:38.697{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240120Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:38.697{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240059Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:37.686{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240058Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:37.686{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240057Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:37.686{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240056Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:37.686{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240055Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:37.686{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240054Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:37.686{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240053Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:37.686{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240052Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:37.686{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000240051Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:37.686{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239992Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:36.668{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239991Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:36.668{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239990Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:36.668{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239989Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:36.668{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239988Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:36.668{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239987Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:36.668{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239986Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:36.668{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239985Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:36.668{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239984Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:36.668{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239900Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:35.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239899Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:35.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239898Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:35.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239897Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:35.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239896Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:35.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239895Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:35.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239894Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:35.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239893Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:35.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239892Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:35.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239834Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:34.628{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239833Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:34.628{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239832Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:34.628{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239831Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:34.628{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239830Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:34.628{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239829Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:34.628{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239828Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:34.628{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239827Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:34.628{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239826Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:34.628{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239768Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:33.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239767Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:33.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239766Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:33.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239765Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:33.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239764Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:33.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239763Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:33.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239762Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:33.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239761Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:33.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239760Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:33.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239702Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:32.592{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239701Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:32.592{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239700Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:32.592{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239699Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:32.592{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239698Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:32.592{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239697Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:32.592{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239696Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:32.592{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239695Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:32.592{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239694Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:32.592{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239635Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:31.573{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239634Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:31.573{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239633Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:31.573{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239632Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:31.573{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239631Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:31.573{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239630Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:31.573{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239629Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:31.573{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239628Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:31.573{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239627Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:31.573{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239571Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:30.555{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239570Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:30.555{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239569Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:30.555{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239568Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:30.555{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239567Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:30.555{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239566Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:30.555{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239565Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:30.555{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239564Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:30.555{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239563Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:30.555{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239505Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:29.543{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239504Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:29.543{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239503Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:29.543{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239502Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:29.543{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239501Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:29.543{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239500Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:29.543{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239499Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:29.543{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239498Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:29.543{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239497Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:29.543{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239439Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:28.519{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239438Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:28.519{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239437Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:28.519{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239436Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:28.519{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239435Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:28.519{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239434Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:28.519{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239433Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:28.519{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239432Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:28.519{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239431Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:28.519{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239372Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:27.497{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239371Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:27.497{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239370Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:27.497{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239369Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:27.497{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239368Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:27.497{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239367Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:27.497{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239366Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:27.497{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239365Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:27.497{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239364Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:27.497{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239306Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:26.477{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239305Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:26.477{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239304Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:26.477{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239303Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:26.477{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239302Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:26.477{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239301Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:26.477{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239300Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:26.477{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239299Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:26.477{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239298Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:26.477{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239238Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:25.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239237Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:25.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239236Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:25.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239235Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:25.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239234Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:25.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239233Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:25.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239232Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:25.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239231Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:25.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239230Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:25.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239176Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:24.437{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239175Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:24.436{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239174Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:24.436{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239173Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:24.435{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239172Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:24.435{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239171Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:24.435{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239170Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:24.435{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239169Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:24.434{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239168Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:24.434{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239110Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:23.417{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239109Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:23.416{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239108Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:23.414{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239107Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:23.414{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239106Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:23.414{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239105Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:23.414{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239104Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:23.413{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239103Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:23.412{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239102Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:23.412{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239043Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:22.403{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239042Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:22.402{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239041Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:22.402{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239040Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:22.401{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239039Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:22.401{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239038Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:22.401{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239037Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:22.400{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239036Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:22.400{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000239035Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:22.399{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238976Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:21.390{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238975Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:21.390{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238974Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:21.390{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238973Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:21.390{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238972Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:21.390{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238971Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:21.390{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238970Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:21.390{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238969Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:21.390{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238968Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:21.389{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238908Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:20.373{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238907Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:20.373{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238906Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:20.373{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238905Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:20.373{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238904Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:20.373{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238903Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:20.373{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238902Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:20.373{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238901Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:20.373{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238900Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:20.373{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238833Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:19.368{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238832Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:19.367{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238831Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:19.367{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238830Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:19.366{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238829Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:19.367{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238828Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:19.366{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238827Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:19.366{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238826Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:19.365{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238825Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:19.363{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238698Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:18.348{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238697Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:18.347{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238696Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:18.347{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238695Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:18.347{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238694Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:18.346{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238693Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:18.346{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238692Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:18.346{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238691Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:18.345{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238690Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:18.345{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238621Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:17.334{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238620Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:17.333{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238619Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:17.332{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238618Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:17.332{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238617Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:17.332{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238616Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:17.332{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238615Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:17.331{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238614Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:17.331{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238613Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:17.330{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238488Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:16.324{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238487Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:16.322{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238486Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:16.323{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238485Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:16.322{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238484Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:16.322{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238483Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:16.322{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238482Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:16.321{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238481Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:16.321{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238480Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:16.320{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238293Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:15.314{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238292Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:15.313{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238291Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:15.313{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238290Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:15.313{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238289Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:15.307{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238288Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:15.307{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238287Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:15.307{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238286Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:15.306{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238285Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:15.306{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238227Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:14.287{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238226Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:14.285{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238225Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:14.285{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238224Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:14.285{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238223Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:14.285{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238222Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:14.285{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238221Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:14.284{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238220Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:14.284{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238219Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:14.283{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238095Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:13.276{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238094Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:13.275{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238093Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:13.275{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238092Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:13.275{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238091Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:13.274{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238090Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:13.274{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238089Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:13.274{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238088Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:13.273{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000238087Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:13.273{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237972Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:12.266{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237971Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:12.265{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237970Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:12.265{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237969Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:12.265{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237968Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:12.264{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237967Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:12.264{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237966Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:12.264{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237965Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:12.263{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237964Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:12.262{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237848Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:11.245{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237847Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:11.244{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237846Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:11.244{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237845Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:11.243{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237844Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:11.243{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237843Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:11.243{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237842Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:11.242{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237841Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:11.242{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237840Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:11.241{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237782Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:10.231{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237781Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:10.231{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237780Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:10.231{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237779Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:10.231{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237778Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:10.231{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237777Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:10.231{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237776Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:10.231{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237775Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:10.231{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237774Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:10.230{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237719Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:09.213{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237718Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:09.213{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237717Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:09.213{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237716Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:09.213{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237715Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:09.213{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237714Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:09.213{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237713Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:09.213{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237712Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:09.213{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237711Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:09.213{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237652Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:08.206{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237651Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:08.206{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237650Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:08.206{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237649Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:08.206{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237648Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:08.206{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237647Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:08.206{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237646Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:08.206{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237645Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:08.206{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237644Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:08.206{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237586Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:07.192{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237585Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:07.192{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237584Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:07.192{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237583Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:07.192{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237582Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:07.192{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237581Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:07.192{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237580Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:07.192{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237579Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:07.192{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237578Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:07.192{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237520Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:06.169{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237519Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:06.169{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237518Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:06.169{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237517Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:06.169{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237516Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:06.169{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237515Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:06.169{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237514Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:06.169{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237513Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:06.169{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237512Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:06.169{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237454Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:05.141{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237453Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:05.141{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237452Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:05.141{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237451Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:05.141{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237450Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:05.141{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237449Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:05.141{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237448Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:05.141{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237447Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:05.141{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237446Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:05.141{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237388Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:04.123{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237387Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:04.123{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237386Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:04.123{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237385Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:04.123{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237384Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:04.123{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237383Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:04.123{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237382Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:04.123{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237381Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:04.123{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237380Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:04.123{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237321Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:03.103{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237320Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:03.103{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237319Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:03.103{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237318Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:03.103{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237317Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:03.103{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237316Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:03.103{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237315Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:03.103{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237314Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:03.103{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237313Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:03.103{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237257Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:02.097{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237256Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:02.081{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237255Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:02.081{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237254Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:02.081{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237253Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:02.081{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237252Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:02.081{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237251Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:02.081{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237250Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:02.081{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237249Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:02.081{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237192Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:01.065{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237191Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:01.065{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237190Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:01.065{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237189Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:01.065{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237188Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:01.065{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237187Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:01.065{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237186Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:01.065{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237185Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:01.065{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237184Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:01.065{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237121Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:00.053{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237120Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:00.053{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237119Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:00.053{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237118Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:00.053{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237117Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:00.053{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237116Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:00.053{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237115Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:00.053{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237114Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:00.053{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237113Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:32:00.053{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237040Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:59.035{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237039Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:59.035{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237038Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:59.035{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237037Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:59.035{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237036Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:59.035{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237035Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:59.035{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237034Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:59.035{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237033Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:59.035{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000237032Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:59.035{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236969Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:58.020{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236968Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:58.020{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236967Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:58.020{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236966Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:58.020{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236965Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:58.020{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236964Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:58.020{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236963Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:58.020{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236962Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:58.020{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236961Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:58.020{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236901Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:56.993{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236900Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:56.993{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236899Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:56.993{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236898Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:56.993{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236897Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:56.993{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236896Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:56.993{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236895Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:56.993{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236894Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:56.993{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236893Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:56.993{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236829Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:55.977{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236828Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:55.976{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236827Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:55.976{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236826Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:55.976{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236825Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:55.976{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236824Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:55.975{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236823Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:55.975{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236822Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:55.975{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236821Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:55.974{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236747Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:54.957{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236746Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:54.957{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236745Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:54.957{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236744Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:54.957{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236743Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:54.957{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236742Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:54.957{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236741Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:54.957{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236740Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:54.957{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236739Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:54.957{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236681Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:53.940{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236680Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:53.940{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236679Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:53.925{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236678Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:53.925{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236677Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:53.925{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236676Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:53.925{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236675Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:53.925{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236674Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:53.925{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236673Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:53.925{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236614Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:52.913{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236613Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:52.913{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236612Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:52.913{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236611Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:52.913{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236610Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:52.913{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236609Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:52.913{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236608Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:52.913{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236607Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:52.913{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236606Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:52.913{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236548Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:51.895{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236547Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:51.895{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236546Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:51.895{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236545Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:51.895{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236544Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:51.895{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236543Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:51.895{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236542Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:51.895{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236541Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:51.895{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236540Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:51.895{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236482Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:50.884{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236481Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:50.884{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236480Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:50.884{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236479Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:50.884{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236478Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:50.884{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236477Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:50.884{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236476Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:50.884{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236475Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:50.884{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236474Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:50.884{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236416Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:49.871{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236415Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:49.871{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236414Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:49.871{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236413Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:49.871{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236412Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:49.871{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236411Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:49.871{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236410Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:49.871{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236409Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:49.871{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236408Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:49.871{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236350Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:48.847{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236349Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:48.847{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236348Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:48.847{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236347Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:48.847{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236346Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:48.847{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236345Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:48.847{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236344Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:48.847{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236343Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:48.847{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236342Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:48.847{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236285Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:47.834{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236284Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:47.834{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236283Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:47.834{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236282Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:47.834{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236281Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:47.834{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236280Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:47.834{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236279Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:47.834{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236278Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:47.834{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236277Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:47.834{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236223Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:46.815{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236222Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:46.815{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236221Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:46.815{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236220Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:46.815{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236219Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:46.815{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236218Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:46.815{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236217Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:46.815{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236216Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:46.815{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236215Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:46.815{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236157Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:45.805{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236156Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:45.804{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236155Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:45.804{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236154Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:45.804{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236153Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:45.803{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236152Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:45.803{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236151Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:45.803{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236150Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:45.802{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236149Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:45.796{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236091Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:44.776{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236090Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:44.776{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236089Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:44.776{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236088Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:44.776{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236087Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:44.776{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236086Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:44.776{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236085Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:44.776{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236084Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:44.776{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236083Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:44.776{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236025Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:43.750{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236024Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:43.750{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236023Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:43.750{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236022Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:43.750{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236021Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:43.750{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236020Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:43.750{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236019Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:43.750{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236018Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:43.750{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000236017Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:43.750{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235959Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:42.728{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235958Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:42.728{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235957Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:42.728{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235956Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:42.728{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235955Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:42.728{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235954Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:42.728{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235953Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:42.728{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235952Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:42.728{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235951Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:42.728{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235890Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:41.714{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235889Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:41.714{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235888Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:41.714{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235887Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:41.714{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235886Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:41.714{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235885Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:41.714{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235884Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:41.714{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235883Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:41.714{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235882Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:41.714{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235823Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:40.686{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235822Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:40.686{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235821Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:40.686{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235820Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:40.686{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235819Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:40.686{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235818Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:40.686{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235817Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:40.686{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235816Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:40.686{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235815Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:40.686{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235757Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:39.673{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235756Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:39.673{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235755Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:39.673{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235754Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:39.673{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235753Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:39.673{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235752Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:39.673{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235751Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:39.673{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235750Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:39.673{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235749Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:39.673{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235672Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:38.653{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235671Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:38.653{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235670Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:38.653{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235669Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:38.653{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235668Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:38.653{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235667Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:38.653{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235666Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:38.653{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235665Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:38.653{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235664Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:38.653{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235605Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:37.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235604Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:37.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235603Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:37.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235602Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:37.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235601Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:37.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235600Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:37.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235599Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:37.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235598Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:37.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235597Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:37.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235538Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:36.626{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235537Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:36.626{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235536Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:36.626{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235535Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:36.626{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235534Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:36.626{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235533Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:36.626{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235532Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:36.626{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235531Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:36.626{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235530Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:36.626{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235446Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:35.604{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235445Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:35.604{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235444Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:35.604{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235443Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:35.604{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235442Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:35.604{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235441Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:35.604{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235440Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:35.604{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235439Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:35.604{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235438Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:35.604{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235380Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:34.593{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235379Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:34.593{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235378Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:34.593{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235377Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:34.593{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235376Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:34.593{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235375Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:34.593{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235374Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:34.593{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235373Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:34.593{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235372Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:34.593{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235316Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:33.576{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235315Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:33.576{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235314Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:33.576{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235313Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:33.576{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235312Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:33.576{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235311Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:33.576{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235310Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:33.576{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235309Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:33.576{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235308Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:33.576{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235197Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:32.545{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235196Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:32.545{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235195Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:32.545{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235194Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:32.545{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235193Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:32.545{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235192Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:32.545{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235191Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:32.545{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235190Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:32.545{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235189Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:32.545{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235133Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:31.522{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235132Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:31.522{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235131Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:31.522{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235130Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:31.522{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235129Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:31.522{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235128Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:31.522{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235127Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:31.522{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235126Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:31.522{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235125Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:31.522{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235068Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:30.507{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235067Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:30.491{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235066Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:30.491{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235065Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:30.491{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235064Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:30.491{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235063Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:30.491{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235062Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:30.491{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235061Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:30.491{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235060Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:30.491{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235002Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:29.475{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235001Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:29.475{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000235000Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:29.475{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234999Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:29.475{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234998Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:29.475{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234997Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:29.475{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234996Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:29.475{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234995Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:29.475{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234994Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:29.475{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234936Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:28.459{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234935Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:28.459{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234934Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:28.459{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234933Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:28.459{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234932Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:28.459{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234931Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:28.459{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234930Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:28.459{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234929Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:28.459{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234928Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:28.459{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234870Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:27.444{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234869Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:27.444{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234868Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:27.444{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234867Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:27.444{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234866Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:27.444{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234865Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:27.444{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234864Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:27.444{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234863Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:27.444{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234862Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:27.444{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234804Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:26.419{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234803Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:26.419{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234802Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:26.419{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234801Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:26.419{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234800Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:26.419{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234799Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:26.419{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234798Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:26.419{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234797Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:26.419{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234796Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:26.419{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234739Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:25.405{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234738Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:25.405{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234737Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:25.405{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234736Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:25.405{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234735Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:25.405{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234734Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:25.405{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234733Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:25.405{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234732Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:25.405{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234731Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:25.405{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234675Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:24.389{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234674Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:24.389{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234673Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:24.389{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234672Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:24.389{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234671Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:24.389{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234670Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:24.389{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234669Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:24.389{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234668Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:24.389{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234667Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:24.389{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234609Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:23.376{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234608Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:23.376{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234607Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:23.376{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234606Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:23.376{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234605Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:23.376{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234604Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:23.376{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234603Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:23.376{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234602Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:23.376{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234601Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:23.376{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234542Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:22.357{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234541Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:22.357{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234540Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:22.357{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234539Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:22.357{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234538Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:22.357{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234537Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:22.357{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234536Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:22.357{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234535Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:22.357{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234534Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:22.357{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234476Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:21.345{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234475Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:21.345{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234474Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:21.345{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234473Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:21.345{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234472Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:21.345{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234471Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:21.345{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234470Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:21.345{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234469Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:21.345{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234468Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:21.345{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234408Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:20.329{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234407Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:20.329{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234406Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:20.329{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234405Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:20.329{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234404Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:20.329{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234403Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:20.329{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234402Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:20.329{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234401Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:20.329{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234400Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:20.329{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234328Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:19.326{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234327Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:19.310{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234326Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:19.310{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234325Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:19.310{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234324Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:19.310{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234323Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:19.310{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234322Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:19.310{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234321Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:19.310{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234320Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:19.310{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234182Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:18.302{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234181Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:18.301{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234180Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:18.301{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234179Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:18.300{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234178Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:18.300{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234177Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:18.300{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234176Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:18.300{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234175Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:18.298{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234174Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:18.298{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234114Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:17.290{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234113Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:17.289{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234112Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:17.289{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234111Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:17.289{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234110Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:17.288{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234109Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:17.288{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234108Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:17.288{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234107Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:17.288{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000234106Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:17.287{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233980Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:16.269{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233979Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:16.267{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233978Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:16.267{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233977Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:16.267{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233976Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:16.267{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233975Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:16.266{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233974Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:16.266{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233973Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:16.266{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233972Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:16.265{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233798Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:15.250{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233797Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:15.250{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233796Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:15.250{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233795Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:15.250{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233794Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:15.250{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233793Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:15.250{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233792Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:15.250{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233791Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:15.250{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233790Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:15.250{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233730Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:14.227{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233729Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:14.227{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233728Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:14.227{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233727Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:14.227{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233726Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:14.227{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233725Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:14.227{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233724Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:14.227{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233723Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:14.227{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233722Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:14.227{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233608Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:13.202{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233607Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:13.202{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233606Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:13.202{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233605Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:13.202{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233604Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:13.202{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233603Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:13.202{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233602Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:13.202{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233601Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:13.202{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233600Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:13.202{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233484Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:12.177{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233483Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:12.177{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233482Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:12.177{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233481Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:12.177{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233480Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:12.177{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233479Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:12.177{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233478Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:12.177{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233477Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:12.177{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233476Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:12.177{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233365Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:11.154{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233364Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:11.154{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233363Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:11.154{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233362Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:11.154{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233361Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:11.154{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233360Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:11.154{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233359Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:11.154{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233358Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:11.154{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233357Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:11.154{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233299Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:10.139{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233298Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:10.139{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233297Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:10.139{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233296Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:10.139{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233295Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:10.139{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233294Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:10.139{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233293Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:10.139{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233292Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:10.139{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233291Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:10.139{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233232Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:09.115{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233231Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:09.115{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233230Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:09.115{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233229Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:09.115{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233228Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:09.115{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233227Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:09.115{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233226Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:09.115{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233225Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:09.115{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233224Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:09.115{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233165Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:08.097{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233164Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:08.097{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233163Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:08.097{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233162Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:08.097{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233161Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:08.097{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233160Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:08.097{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233159Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:08.097{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233158Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:08.097{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233157Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:08.097{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233099Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:07.082{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233098Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:07.082{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233097Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:07.082{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233096Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:07.082{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233095Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:07.082{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233094Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:07.082{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233093Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:07.082{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233092Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:07.082{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233091Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:07.082{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233033Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:06.068{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233032Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:06.068{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233031Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:06.068{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233030Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:06.068{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233029Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:06.068{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233028Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:06.068{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233027Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:06.068{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233026Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:06.068{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000233025Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:06.068{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232967Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:05.049{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232966Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:05.049{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232965Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:05.049{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232964Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:05.049{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232963Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:05.049{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232962Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:05.049{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232961Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:05.049{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232960Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:05.049{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232959Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:05.049{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232903Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:04.024{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232902Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:04.024{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232901Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:04.024{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232900Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:04.024{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232899Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:04.024{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232898Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:04.024{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232897Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:04.024{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232896Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:04.024{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232895Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:04.024{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232836Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:03.018{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232835Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:03.018{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232834Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:03.018{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232833Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:03.018{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232832Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:03.003{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232831Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:03.003{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232830Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:03.003{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232829Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:03.003{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232828Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:03.003{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232770Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:01.984{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232769Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:01.984{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232768Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:01.984{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232767Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:01.984{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232766Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:01.984{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232765Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:01.984{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232764Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:01.984{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232763Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:01.984{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232762Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:01.984{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232704Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:00.960{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232703Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:00.960{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232702Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:00.960{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232701Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:00.960{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232700Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:00.960{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232699Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:00.960{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232698Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:00.960{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232697Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:00.960{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232696Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:31:00.960{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232637Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:59.941{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232636Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:59.941{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232635Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:59.941{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232634Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:59.941{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232633Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:59.941{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232632Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:59.941{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232631Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:59.941{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232630Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:59.941{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232629Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:59.941{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232550Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:58.932{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232549Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:58.931{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232547Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:58.931{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232546Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:58.931{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232545Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:58.930{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232544Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:58.930{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232543Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:58.930{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232542Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:58.930{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232541Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:58.929{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232476Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:57.918{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232475Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:57.918{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232474Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:57.918{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232473Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:57.918{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232472Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:57.918{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232471Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:57.918{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232470Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:57.918{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232469Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:57.918{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232468Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:57.918{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232409Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:56.895{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232408Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:56.895{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232407Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:56.895{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232406Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:56.895{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232405Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:56.895{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232404Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:56.895{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232403Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:56.895{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232402Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:56.895{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232401Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:56.895{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232324Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:55.893{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232323Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:55.892{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232322Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:55.892{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232321Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:55.891{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232320Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:55.891{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232319Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:55.891{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232318Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:55.890{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232317Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:55.890{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232316Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:55.889{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232251Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:54.874{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232250Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:54.874{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232249Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:54.874{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232248Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:54.874{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232247Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:54.874{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232246Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:54.874{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232245Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:54.874{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232244Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:54.874{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232243Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:54.874{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232185Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:53.857{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232184Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:53.857{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232183Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:53.857{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232182Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:53.857{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232181Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:53.857{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232180Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:53.857{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232179Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:53.857{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232178Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:53.857{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232177Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:53.857{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232119Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:52.844{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232118Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:52.844{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232117Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:52.844{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232116Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:52.844{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232115Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:52.844{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232114Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:52.844{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232113Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:52.844{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232112Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:52.844{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232111Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:52.844{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232053Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:51.828{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232052Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:51.828{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232051Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:51.828{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232050Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:51.828{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232049Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:51.828{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232048Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:51.828{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232047Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:51.828{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232046Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:51.828{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000232045Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:51.828{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231988Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:50.811{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231987Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:50.811{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231986Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:50.811{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231985Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:50.811{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231984Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:50.811{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231983Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:50.811{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231982Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:50.811{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231981Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:50.811{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231980Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:50.811{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231920Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:49.795{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231919Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:49.795{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231918Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:49.795{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231917Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:49.795{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231916Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:49.795{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231915Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:49.795{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231914Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:49.795{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231913Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:49.795{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231912Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:49.795{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231854Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:48.784{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231853Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:48.784{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231852Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:48.784{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231851Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:48.784{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231850Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:48.784{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231849Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:48.784{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231848Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:48.784{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231847Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:48.784{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231846Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:48.784{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231788Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:47.768{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231787Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:47.768{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231786Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:47.768{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231785Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:47.768{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231784Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:47.768{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231783Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:47.768{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231782Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:47.768{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231781Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:47.768{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231780Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:47.768{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231722Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:46.751{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231721Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:46.751{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231720Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:46.751{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231719Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:46.751{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231718Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:46.751{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231717Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:46.751{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231716Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:46.751{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231715Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:46.751{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231714Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:46.751{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231655Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:45.726{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231654Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:45.726{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231653Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:45.726{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231652Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:45.726{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231651Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:45.726{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231650Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:45.726{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231649Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:45.726{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231648Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:45.726{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231647Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:45.726{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231588Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:44.716{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231587Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:44.716{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231586Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:44.716{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231585Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:44.716{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231584Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:44.716{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231583Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:44.716{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231582Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:44.716{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231581Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:44.716{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231580Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:44.716{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231522Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:43.691{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231521Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:43.691{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231520Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:43.691{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231519Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:43.691{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231518Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:43.691{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231517Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:43.691{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231516Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:43.691{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231515Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:43.691{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231514Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:43.691{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231456Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:42.671{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231455Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:42.671{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231454Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:42.671{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231453Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:42.671{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231452Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:42.671{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231451Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:42.671{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231450Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:42.671{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231449Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:42.671{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231448Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:42.671{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231389Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:41.654{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231388Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:41.654{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231387Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:41.654{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231386Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:41.654{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231385Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:41.654{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231384Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:41.654{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231383Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:41.654{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231382Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:41.654{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231381Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:41.654{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231323Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:40.636{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231322Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:40.636{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231321Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:40.636{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231320Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:40.636{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231319Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:40.636{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231318Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:40.636{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231317Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:40.636{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231316Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:40.636{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231315Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:40.636{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231256Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:39.623{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231255Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:39.623{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231254Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:39.623{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231253Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:39.623{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231252Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:39.623{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231251Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:39.623{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231250Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:39.623{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231249Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:39.623{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231248Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:39.623{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231171Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:38.607{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231170Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:38.607{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231169Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:38.607{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231168Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:38.607{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231167Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:38.607{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231166Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:38.607{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231165Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:38.607{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231164Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:38.607{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231163Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:38.607{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231102Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:37.581{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231101Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:37.581{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231100Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:37.581{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231099Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:37.581{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231098Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:37.581{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231097Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:37.581{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231096Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:37.581{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231095Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:37.581{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231094Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:37.581{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231038Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:36.556{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231037Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:36.556{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231036Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:36.556{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231035Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:36.556{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231034Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:36.556{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231033Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:36.556{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231032Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:36.556{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231031Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:36.556{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000231030Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:36.556{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230944Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:35.532{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230943Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:35.532{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230942Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:35.532{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230941Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:35.532{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230940Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:35.532{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230939Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:35.532{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230938Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:35.532{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230937Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:35.532{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230936Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:35.532{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230878Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:34.521{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230877Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:34.521{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230876Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:34.521{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230875Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:34.521{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230874Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:34.521{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230873Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:34.521{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230872Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:34.521{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230871Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:34.521{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230870Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:34.521{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230812Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:33.499{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230811Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:33.499{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230810Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:33.499{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230809Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:33.499{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230808Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:33.499{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230807Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:33.499{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230806Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:33.499{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230805Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:33.499{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230804Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:33.499{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230745Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:32.484{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230744Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:32.484{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230743Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:32.484{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230742Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:32.484{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230741Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:32.484{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230740Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:32.484{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230739Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:32.484{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230738Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:32.484{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230737Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:32.484{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230683Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:31.470{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230682Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:31.470{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230681Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:31.470{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230680Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:31.470{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230679Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:31.470{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230678Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:31.470{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230677Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:31.470{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230676Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:31.470{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230675Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:31.470{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230615Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:30.447{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230614Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:30.447{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230613Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:30.447{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230612Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:30.447{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230611Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:30.447{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230610Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:30.447{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230609Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:30.447{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230608Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:30.447{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230607Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:30.447{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230549Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:29.425{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230548Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:29.425{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230547Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:29.425{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230546Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:29.425{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230545Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:29.425{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230544Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:29.425{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230543Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:29.425{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230542Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:29.425{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230541Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:29.425{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230481Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:28.405{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230480Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:28.405{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230479Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:28.405{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230478Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:28.405{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230477Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:28.405{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230476Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:28.405{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230475Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:28.405{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230474Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:28.405{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230473Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:28.405{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230416Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:27.386{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230415Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:27.386{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230414Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:27.386{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230413Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:27.386{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230412Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:27.386{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230411Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:27.386{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230410Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:27.386{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230409Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:27.386{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230408Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:27.386{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230348Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:26.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230347Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:26.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230346Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:26.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230345Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:26.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230344Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:26.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230343Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:26.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230342Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:26.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230341Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:26.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230340Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:26.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230284Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:25.352{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230283Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:25.352{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230282Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:25.352{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230281Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:25.352{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230280Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:25.352{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230279Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:25.352{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230278Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:25.352{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230277Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:25.352{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230276Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:25.352{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230216Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:24.330{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230215Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:24.330{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230214Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:24.330{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230213Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:24.330{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230212Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:24.330{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230211Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:24.330{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230210Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:24.330{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230209Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:24.330{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230208Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:24.330{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230152Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:23.313{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230151Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:23.313{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230150Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:23.313{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230149Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:23.313{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230148Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:23.313{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230147Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:23.313{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230146Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:23.313{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230145Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:23.313{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230144Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:23.313{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230084Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:22.296{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230083Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:22.296{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230082Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:22.296{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230081Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:22.296{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230080Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:22.296{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230079Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:22.296{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230078Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:22.296{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230077Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:22.296{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230076Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:22.296{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230018Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:21.279{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230017Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:21.279{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230016Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:21.279{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230015Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:21.279{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230014Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:21.279{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230013Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:21.279{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230012Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:21.279{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230011Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:21.279{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000230010Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:21.279{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229948Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:20.265{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229947Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:20.265{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229946Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:20.265{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229945Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:20.265{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229944Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:20.265{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229943Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:20.265{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229942Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:20.265{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229941Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:20.265{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229940Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:20.265{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229820Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:19.248{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229819Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:19.248{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229818Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:19.248{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229817Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:19.248{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229816Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:19.248{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229815Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:19.248{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229814Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:19.248{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229813Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:19.248{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229812Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:19.248{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229726Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:18.225{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229725Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:18.225{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229724Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:18.225{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229723Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:18.225{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229722Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:18.225{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229721Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:18.225{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229720Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:18.225{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229719Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:18.225{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229718Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:18.225{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229662Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:17.199{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229661Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:17.199{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229660Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:17.199{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229659Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:17.199{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229658Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:17.199{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229657Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:17.199{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229656Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:17.199{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229655Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:17.199{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229654Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:17.199{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229470Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:16.185{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229469Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:16.183{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229468Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:16.183{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229467Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:16.183{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229466Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:16.183{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229465Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:16.182{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229464Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:16.182{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229463Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:16.182{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229462Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:16.181{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229332Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:15.174{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229331Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:15.158{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229330Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:15.158{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229329Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:15.158{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229328Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:15.158{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229327Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:15.158{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229326Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:15.158{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229325Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:15.158{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229324Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:15.158{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229266Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:14.142{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229265Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:14.142{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229264Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:14.142{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229263Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:14.142{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229262Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:14.142{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229261Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:14.142{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229260Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:14.142{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229259Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:14.142{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229258Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:14.142{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229138Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:13.130{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229137Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:13.130{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229136Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:13.130{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229135Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:13.130{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229134Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:13.130{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229133Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:13.130{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229132Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:13.130{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229131Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:13.130{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229130Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:13.130{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229015Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:12.107{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229014Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:12.107{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229013Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:12.107{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229012Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:12.107{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229011Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:12.107{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229010Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:12.107{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229009Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:12.107{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229008Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:12.107{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000229007Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:12.107{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228897Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:11.083{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228896Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:11.083{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228895Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:11.083{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228894Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:11.083{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228893Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:11.083{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228892Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:11.083{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228891Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:11.083{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228890Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:11.083{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228889Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:11.083{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228833Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:10.068{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228832Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:10.068{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228831Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:10.068{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228830Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:10.068{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228829Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:10.068{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228828Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:10.068{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228827Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:10.068{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228826Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:10.068{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228825Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:10.068{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228765Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:09.050{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228764Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:09.050{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228763Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:09.050{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228762Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:09.050{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228761Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:09.050{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228760Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:09.050{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228759Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:09.050{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228758Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:09.050{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228757Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:09.050{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228698Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:08.045{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228697Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:08.044{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228696Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:08.043{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228695Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:08.042{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228694Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:08.041{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228693Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:08.041{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228692Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:08.041{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228691Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:08.041{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228690Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:08.040{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228634Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:07.020{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228633Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:07.020{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228632Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:07.020{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228631Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:07.020{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228630Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:07.020{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228629Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:07.020{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228628Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:07.020{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228627Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:07.020{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228626Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:07.020{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228566Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:06.013{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228565Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:06.013{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228564Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:06.013{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228563Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:06.013{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228562Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:06.013{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228561Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:06.013{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228560Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:06.013{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228559Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:06.013{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228558Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:06.013{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228500Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:04.984{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228499Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:04.984{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228498Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:04.984{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228497Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:04.984{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228496Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:04.984{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228495Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:04.984{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228494Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:04.984{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228493Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:04.984{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228492Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:04.984{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228433Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:03.968{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228432Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:03.968{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228431Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:03.968{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228430Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:03.968{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228429Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:03.968{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228428Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:03.968{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228427Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:03.968{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228426Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:03.968{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228425Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:03.968{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228361Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:02.946{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228360Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:02.946{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228359Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:02.946{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228358Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:02.946{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228357Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:02.946{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228356Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:02.946{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228355Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:02.946{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228354Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:02.946{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228353Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:02.946{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228297Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:01.917{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228296Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:01.917{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228295Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:01.917{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228294Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:01.917{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228293Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:01.917{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228292Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:01.917{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228291Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:01.917{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228290Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:01.917{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228289Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:01.917{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228233Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:00.892{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228232Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:00.892{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228231Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:00.892{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228230Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:00.892{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228229Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:00.892{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228228Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:00.892{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228227Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:00.892{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228226Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:00.892{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228225Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:30:00.892{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228159Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:59.889{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228158Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:59.888{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228157Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:59.888{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228156Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:59.888{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228155Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:59.887{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228154Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:59.887{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228153Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:59.886{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228152Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:59.885{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228151Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:59.883{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228020Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:58.871{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228019Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:58.870{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228018Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:58.870{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228017Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:58.870{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228016Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:58.868{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228015Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:58.867{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228014Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:58.867{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228013Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:58.867{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000228012Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:58.866{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227948Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:57.850{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227947Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:57.850{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227946Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:57.850{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227945Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:57.850{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227944Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:57.850{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227943Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:57.850{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227942Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:57.850{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227941Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:57.850{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227940Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:57.850{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227881Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:56.836{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227880Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:56.836{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227879Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:56.836{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227878Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:56.836{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227877Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:56.836{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227876Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:56.836{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227875Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:56.836{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227874Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:56.836{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227873Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:56.836{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227793Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:55.832{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227792Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:55.831{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227791Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:55.830{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227790Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:55.830{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227789Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:55.830{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227788Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:55.830{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227787Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:55.829{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227786Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:55.829{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227785Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:55.828{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227727Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:54.810{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227726Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:54.810{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227725Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:54.810{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227724Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:54.810{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227723Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:54.810{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227722Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:54.810{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227721Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:54.810{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227720Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:54.810{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227719Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:54.810{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227663Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:53.792{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227662Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:53.792{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227661Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:53.792{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227660Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:53.792{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227659Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:53.792{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227658Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:53.792{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227657Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:53.792{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227656Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:53.792{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227655Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:53.792{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227599Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:52.765{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227598Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:52.765{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227597Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:52.765{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227596Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:52.765{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227595Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:52.765{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227594Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:52.765{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227593Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:52.765{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227592Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:52.765{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227591Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:52.765{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227481Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:51.751{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227480Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:51.751{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227479Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:51.751{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227478Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:51.751{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227477Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:51.751{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227476Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:51.751{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227475Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:51.751{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227474Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:51.751{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227473Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:51.751{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227417Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:50.736{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227416Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:50.736{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227415Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:50.736{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227414Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:50.736{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227413Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:50.736{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227412Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:50.736{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227411Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:50.736{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227410Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:50.736{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227409Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:50.736{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227351Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:49.716{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227350Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:49.716{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227349Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:49.716{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227348Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:49.716{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227347Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:49.716{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227346Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:49.716{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227345Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:49.716{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227344Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:49.716{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227343Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:49.716{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227285Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:48.692{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227284Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:48.692{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227283Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:48.692{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227282Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:48.692{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227281Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:48.692{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227280Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:48.692{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227279Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:48.692{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227278Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:48.692{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227277Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:48.692{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227218Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:47.680{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227217Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:47.680{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227216Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:47.680{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227215Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:47.680{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227214Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:47.680{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227213Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:47.680{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227212Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:47.680{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227211Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:47.680{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227210Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:47.680{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227152Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:46.670{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227151Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:46.670{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227150Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:46.670{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227149Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:46.670{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227148Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:46.670{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227147Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:46.670{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227146Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:46.670{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227145Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:46.670{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227144Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:46.670{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227086Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:45.656{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227085Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:45.656{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227084Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:45.656{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227083Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:45.656{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227082Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:45.656{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227081Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:45.656{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227080Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:45.656{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227079Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:45.656{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227078Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:45.656{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227020Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:44.632{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227019Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:44.632{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227018Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:44.632{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227017Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:44.632{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227016Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:44.632{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227015Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:44.632{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227014Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:44.632{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227013Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:44.632{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000227012Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:44.632{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226956Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:43.622{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226955Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:43.622{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226954Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:43.622{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226953Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:43.622{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226952Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:43.622{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226951Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:43.622{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226950Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:43.622{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226949Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:43.622{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226948Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:43.622{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226892Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:42.599{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226891Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:42.599{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226890Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:42.599{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226889Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:42.599{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226888Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:42.599{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226887Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:42.599{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226886Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:42.599{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226885Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:42.599{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226884Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:42.599{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226821Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:41.579{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226820Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:41.579{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226819Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:41.579{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226818Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:41.579{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226817Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:41.579{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226816Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:41.579{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226815Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:41.579{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226814Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:41.579{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226813Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:41.579{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226754Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:40.563{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226753Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:40.563{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226752Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:40.563{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226751Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:40.563{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226750Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:40.563{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226749Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:40.563{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226748Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:40.563{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226747Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:40.563{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226746Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:40.563{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226688Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:39.551{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226687Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:39.551{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226686Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:39.551{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226685Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:39.551{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226684Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:39.551{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226683Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:39.551{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226682Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:39.551{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226681Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:39.551{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226680Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:39.551{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226598Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:38.535{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226597Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:38.519{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226596Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:38.519{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226595Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:38.519{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226594Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:38.519{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226593Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:38.519{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226592Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:38.519{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226591Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:38.519{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226590Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:38.519{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226531Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:37.504{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226530Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:37.504{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226529Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:37.504{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226528Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:37.504{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226527Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:37.504{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226526Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:37.504{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226525Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:37.504{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226524Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:37.504{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226523Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:37.504{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226464Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:36.479{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226463Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:36.479{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226462Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:36.479{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226461Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:36.479{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226460Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:36.479{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226459Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:36.479{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226458Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:36.479{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226457Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:36.479{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226456Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:36.479{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226371Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:35.468{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226370Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:35.468{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226369Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:35.468{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226368Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:35.468{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226367Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:35.468{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226366Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:35.468{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226365Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:35.468{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226364Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:35.468{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226363Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:35.468{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226301Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:34.448{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226300Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:34.448{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226299Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:34.448{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226298Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:34.448{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226297Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:34.448{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226296Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:34.448{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226295Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:34.448{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226294Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:34.448{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226293Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:34.448{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226226Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:33.430{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226225Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:33.430{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226224Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:33.430{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226223Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:33.430{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226222Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:33.430{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226221Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:33.430{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226220Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:33.430{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226219Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:33.430{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226218Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:33.430{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226150Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:32.410{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226149Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:32.410{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226148Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:32.410{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226147Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:32.410{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226146Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:32.410{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226145Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:32.410{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226144Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:32.410{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226143Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:32.410{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226142Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:32.410{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226083Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:31.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226082Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:31.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226081Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:31.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226080Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:31.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226079Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:31.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226078Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:31.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226077Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:31.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226076Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:31.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226075Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:31.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226017Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:30.382{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226016Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:30.382{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226015Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:30.382{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226014Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:30.382{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226013Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:30.382{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226012Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:30.382{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226011Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:30.382{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226010Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:30.382{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000226009Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:30.382{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225951Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:29.357{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225950Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:29.357{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225949Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:29.357{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225948Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:29.357{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225947Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:29.357{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225946Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:29.357{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225945Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:29.357{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225944Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:29.357{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225943Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:29.357{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225885Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:28.342{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225884Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:28.342{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225883Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:28.342{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225882Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:28.342{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225881Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:28.342{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225880Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:28.342{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225879Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:28.342{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225878Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:28.342{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225877Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:28.342{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225821Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:27.331{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225820Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:27.331{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225819Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:27.331{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225818Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:27.331{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225817Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:27.331{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225816Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:27.331{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225815Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:27.331{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225814Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:27.331{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225813Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:27.331{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225755Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:26.308{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225754Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:26.308{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225753Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:26.308{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225752Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:26.308{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225751Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:26.308{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225750Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:26.308{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225749Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:26.308{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225748Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:26.308{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225747Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:26.308{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225689Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:25.292{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225688Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:25.292{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225687Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:25.292{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225686Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:25.292{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225685Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:25.292{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225684Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:25.292{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225683Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:25.292{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225682Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:25.292{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225681Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:25.292{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225622Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:24.277{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225621Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:24.277{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225620Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:24.277{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225619Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:24.277{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225618Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:24.276{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225617Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:24.276{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225616Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:24.276{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225615Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:24.275{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225614Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:24.274{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225556Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:23.268{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225555Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:23.267{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225554Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:23.267{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225553Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:23.267{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225552Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:23.266{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225551Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:23.266{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225550Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:23.266{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225549Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:23.266{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225548Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:23.264{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225490Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:22.242{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225489Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:22.242{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225488Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:22.242{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225487Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:22.242{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225486Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:22.242{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225485Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:22.242{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225484Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:22.242{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225483Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:22.242{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225482Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:22.242{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225422Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:21.212{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225421Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:21.212{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225420Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:21.212{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225419Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:21.212{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225418Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:21.212{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225417Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:21.212{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225416Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:21.212{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225415Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:21.212{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225414Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:21.212{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225354Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:20.188{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225353Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:20.188{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225352Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:20.188{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225351Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:20.188{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225350Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:20.188{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225349Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:20.188{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225348Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:20.188{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225347Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:20.188{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225346Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:20.188{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225237Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:19.164{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225236Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:19.164{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225235Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:19.164{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225234Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:19.164{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225233Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:19.164{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225232Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:19.164{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225231Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:19.164{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225230Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:19.164{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225229Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:19.164{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225140Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:18.142{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225139Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:18.142{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225138Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:18.142{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225137Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:18.142{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225136Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:18.142{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225135Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:18.142{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225134Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:18.142{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225133Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:18.142{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225132Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:18.142{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225072Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:17.128{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225071Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:17.128{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225070Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:17.128{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225069Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:17.128{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225068Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:17.128{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225067Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:17.128{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225066Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:17.128{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225065Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:17.128{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000225064Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:17.122{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224891Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:16.119{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224890Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:16.118{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224889Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:16.118{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224888Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:16.118{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224887Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:16.118{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224886Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:16.117{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224885Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:16.117{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224884Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:16.117{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224883Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:16.116{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224745Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:15.096{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224744Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:15.096{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224743Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:15.096{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224742Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:15.096{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224741Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:15.096{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224740Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:15.096{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224739Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:15.096{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224738Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:15.096{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224737Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:15.096{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224678Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:14.074{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224677Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:14.074{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224676Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:14.074{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224675Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:14.074{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224674Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:14.074{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224673Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:14.074{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224672Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:14.074{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224671Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:14.074{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224670Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:14.074{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224552Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:13.062{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224551Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:13.062{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224550Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:13.062{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224549Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:13.062{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224548Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:13.062{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224547Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:13.062{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224546Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:13.062{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224545Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:13.062{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224544Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:13.062{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224431Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:12.047{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224430Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:12.047{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224429Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:12.047{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224428Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:12.047{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224427Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:12.047{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224426Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:12.047{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224425Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:12.031{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224424Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:12.031{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224423Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:12.031{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224312Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:11.017{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224311Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:11.017{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224310Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:11.017{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224309Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:11.017{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224308Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:11.017{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224307Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:11.017{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224306Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:11.017{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224305Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:11.017{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224304Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:11.017{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224247Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:09.992{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224246Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:09.992{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224245Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:09.992{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224244Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:09.992{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224243Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:09.992{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224242Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:09.992{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224241Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:09.992{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224240Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:09.992{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224239Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:09.992{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224181Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:08.971{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224180Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:08.971{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224179Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:08.971{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224178Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:08.971{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224177Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:08.971{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224176Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:08.971{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224175Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:08.971{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224174Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:08.971{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224173Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:08.971{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224116Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:07.958{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224115Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:07.958{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224114Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:07.958{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224113Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:07.958{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224112Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:07.958{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224111Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:07.958{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224110Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:07.958{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224109Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:07.958{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224108Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:07.958{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224050Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:06.943{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224049Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:06.943{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224048Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:06.943{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224047Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:06.943{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224046Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:06.943{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224045Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:06.943{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224044Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:06.943{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224043Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:06.943{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000224042Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:06.943{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223984Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:05.924{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223983Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:05.924{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223982Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:05.924{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223981Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:05.924{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223980Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:05.924{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223979Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:05.924{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223978Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:05.924{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223977Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:05.924{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223976Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:05.924{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223918Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:04.910{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223917Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:04.910{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223916Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:04.910{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223915Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:04.910{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223914Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:04.910{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223913Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:04.910{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223912Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:04.910{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223911Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:04.910{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223910Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:04.910{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223851Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:03.897{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223850Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:03.897{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223849Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:03.897{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223848Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:03.897{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223847Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:03.897{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223846Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:03.897{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223845Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:03.897{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223844Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:03.897{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223843Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:03.897{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223785Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:02.889{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223784Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:02.887{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223783Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:02.887{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223782Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:02.887{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223781Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:02.879{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223780Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:02.879{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223779Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:02.879{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223778Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:02.879{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223777Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:02.879{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223719Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:01.869{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223718Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:01.869{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223717Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:01.869{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223716Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:01.869{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223715Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:01.869{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223714Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:01.869{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223713Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:01.869{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223712Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:01.869{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223711Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:01.869{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223653Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:00.852{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223652Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:00.852{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223651Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:00.852{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223650Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:00.852{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223649Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:00.852{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223648Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:00.852{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223647Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:00.852{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223646Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:00.852{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223645Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:29:00.852{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223589Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:59.830{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223588Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:59.830{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223587Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:59.830{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223586Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:59.830{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223585Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:59.830{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223584Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:59.830{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223583Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:59.830{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223582Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:59.830{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223581Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:59.830{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223502Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:58.819{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223501Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:58.819{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223500Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:58.819{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223499Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:58.819{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223498Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:58.819{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223497Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:58.819{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223496Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:58.819{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223495Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:58.819{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223494Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:58.819{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223435Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:57.810{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223434Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:57.810{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223433Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:57.810{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223432Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:57.795{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223431Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:57.795{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223430Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:57.795{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223429Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:57.795{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223428Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:57.795{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223427Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:57.795{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223370Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:56.782{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223369Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:56.782{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223368Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:56.782{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223367Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:56.782{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223366Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:56.782{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223365Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:56.782{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223364Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:56.782{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223363Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:56.782{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223362Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:56.782{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223273Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:55.763{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223272Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:55.763{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223271Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:55.763{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223270Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:55.763{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223269Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:55.763{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223268Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:55.763{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223267Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:55.763{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223266Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:55.763{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223265Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:55.763{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223207Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:54.736{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223206Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:54.736{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223205Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:54.736{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223204Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:54.736{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223203Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:54.736{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223202Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:54.736{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223201Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:54.736{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223200Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:54.736{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223199Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:54.736{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223139Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:53.715{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223138Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:53.715{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223137Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:53.715{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223136Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:53.715{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223135Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:53.715{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223134Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:53.715{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223133Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:53.715{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223132Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:53.715{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223131Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:53.715{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223072Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:52.691{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223071Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:52.691{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223070Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:52.691{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223069Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:52.691{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223068Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:52.691{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223067Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:52.691{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223066Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:52.691{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223065Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:52.691{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223064Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:52.691{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223006Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:51.666{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223005Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:51.666{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223004Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:51.666{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223003Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:51.666{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223002Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:51.666{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223001Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:51.666{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000223000Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:51.666{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222999Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:51.666{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222998Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:51.666{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222940Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:50.653{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222939Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:50.653{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222938Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:50.653{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222937Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:50.653{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222936Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:50.653{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222935Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:50.653{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222934Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:50.653{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222933Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:50.653{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222932Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:50.653{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222878Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:49.637{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222877Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:49.637{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222876Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:49.637{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222875Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:49.637{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222874Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:49.637{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222873Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:49.637{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222872Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:49.637{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222871Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:49.637{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222870Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:49.637{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222808Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:48.615{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222807Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:48.615{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222806Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:48.615{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222805Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:48.615{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222804Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:48.615{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222803Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:48.615{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222802Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:48.615{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222801Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:48.615{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222800Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:48.615{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222741Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:47.603{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222740Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:47.603{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222739Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:47.603{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222738Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:47.603{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222737Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:47.603{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222736Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:47.603{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222735Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:47.603{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222734Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:47.603{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222733Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:47.603{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222673Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:46.578{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222672Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:46.578{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222671Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:46.578{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222670Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:46.578{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222669Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:46.578{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222668Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:46.578{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222667Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:46.578{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222666Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:46.578{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222665Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:46.578{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222610Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:45.563{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222609Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:45.563{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222608Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:45.563{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222607Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:45.563{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222606Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:45.563{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222605Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:45.563{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222604Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:45.563{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222603Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:45.563{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222600Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:45.563{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222534Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:44.544{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222533Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:44.544{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222532Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:44.544{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222531Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:44.544{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222530Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:44.544{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222529Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:44.544{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222528Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:44.544{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222527Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:44.544{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222526Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:44.544{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222463Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:43.529{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222462Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:43.514{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222461Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:43.514{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222460Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:43.514{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222459Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:43.514{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222458Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:43.514{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222457Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:43.514{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222456Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:43.514{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222455Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:43.514{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222249Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:42.490{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222248Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:42.490{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222247Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:42.490{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222246Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:42.490{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222245Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:42.490{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222244Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:42.490{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222243Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:42.490{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222242Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:42.490{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222241Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:42.490{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222178Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:41.475{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222177Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:41.475{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222176Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:41.475{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222175Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:41.475{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222174Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:41.475{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222173Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:41.475{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222172Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:41.475{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222171Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:41.475{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222170Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:41.475{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222113Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:40.459{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222112Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:40.459{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222111Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:40.459{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222110Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:40.459{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222109Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:40.459{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222108Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:40.459{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222107Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:40.459{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222106Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:40.459{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222105Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:40.459{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222047Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:39.458{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222046Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:39.457{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222045Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:39.456{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222044Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:39.456{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222043Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:39.456{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222042Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:39.456{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222041Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:39.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222040Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:39.454{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000222039Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:39.454{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221964Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:38.435{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221963Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:38.435{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221962Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:38.435{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221961Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:38.435{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221960Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:38.435{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221959Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:38.435{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221958Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:38.435{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221957Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:38.435{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221956Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:38.435{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221895Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:37.417{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221894Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:37.417{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221893Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:37.417{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221892Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:37.417{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221891Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:37.417{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221890Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:37.417{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221889Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:37.417{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221888Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:37.417{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221887Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:37.417{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221829Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:36.406{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221828Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:36.390{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221827Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:36.390{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221826Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:36.390{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221825Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:36.390{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221824Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:36.390{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221823Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:36.390{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221822Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:36.390{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221821Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:36.390{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221736Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:35.376{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221735Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:35.376{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221734Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:35.376{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221733Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:35.376{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221732Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:35.376{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221731Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:35.376{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221730Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:35.376{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221729Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:35.376{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221728Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:35.376{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221617Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:34.365{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221616Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:34.365{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221615Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:34.365{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221614Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:34.365{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221613Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:34.365{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221612Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:34.365{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221611Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:34.365{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221610Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:34.365{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221609Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:34.365{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221551Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:33.343{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221550Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:33.343{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221549Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:33.343{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221548Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:33.343{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221547Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:33.343{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221546Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:33.343{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221545Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:33.343{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221544Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:33.343{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221543Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:33.343{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221487Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:32.319{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221486Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:32.319{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221485Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:32.319{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221484Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:32.319{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221483Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:32.319{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221482Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:32.319{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221481Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:32.319{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221480Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:32.319{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221479Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:32.319{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221421Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:31.303{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221420Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:31.287{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221419Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:31.287{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221418Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:31.287{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221417Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:31.287{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221416Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:31.287{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221415Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:31.287{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221414Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:31.287{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221413Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:31.287{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221354Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:30.265{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221353Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:30.265{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221352Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:30.265{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221351Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:30.265{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221350Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:30.265{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221349Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:30.265{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221348Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:30.265{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221347Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:30.265{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221346Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:30.265{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221288Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:29.251{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221287Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:29.251{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221286Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:29.251{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221285Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:29.251{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221284Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:29.251{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221283Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:29.251{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221282Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:29.251{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221281Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:29.251{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221280Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:29.251{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221222Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:28.226{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221221Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:28.226{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221220Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:28.226{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221219Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:28.226{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221218Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:28.226{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221217Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:28.226{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221216Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:28.226{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221215Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:28.226{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221214Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:28.226{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221156Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:27.193{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221155Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:27.193{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221154Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:27.193{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221153Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:27.193{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221152Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:27.193{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221151Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:27.193{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221150Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:27.193{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221149Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:27.193{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221148Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:27.193{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221092Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:26.175{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221091Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:26.175{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221090Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:26.175{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221089Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:26.175{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221088Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:26.175{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221087Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:26.175{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221086Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:26.175{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221085Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:26.175{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221084Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:26.175{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221026Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:25.162{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221025Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:25.162{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221024Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:25.162{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221023Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:25.162{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221022Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:25.162{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221021Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:25.162{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221020Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:25.162{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221019Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:25.162{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000221018Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:25.162{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220960Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:24.138{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220959Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:24.138{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220958Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:24.138{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220957Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:24.138{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220956Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:24.138{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220955Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:24.138{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220954Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:24.138{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220953Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:24.138{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220952Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:24.138{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220896Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:23.127{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220895Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:23.127{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220894Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:23.127{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220893Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:23.127{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220892Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:23.127{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220891Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:23.127{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220890Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:23.127{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220889Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:23.127{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220888Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:23.127{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220828Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:22.111{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220827Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:22.111{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220826Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:22.111{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220825Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:22.111{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220824Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:22.111{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220823Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:22.111{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220822Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:22.111{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220821Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:22.111{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220820Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:22.111{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220762Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:21.084{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220761Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:21.084{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220760Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:21.084{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220759Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:21.084{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220758Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:21.084{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220757Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:21.084{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220756Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:21.084{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220755Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:21.084{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220754Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:21.084{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220694Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:20.065{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220693Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:20.065{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220692Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:20.065{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220691Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:20.065{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220690Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:20.065{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220689Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:20.065{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220688Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:20.065{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220687Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:20.065{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220686Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:20.065{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220565Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:19.043{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220564Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:19.043{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220563Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:19.043{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220562Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:19.043{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220561Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:19.043{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220560Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:19.043{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220559Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:19.043{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220558Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:19.043{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220557Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:19.043{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220467Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:18.023{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220466Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:18.023{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220465Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:18.023{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220464Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:18.023{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220463Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:18.023{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220462Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:18.023{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220461Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:18.023{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220460Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:18.023{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220459Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:18.023{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220395Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:17.007{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220394Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:17.007{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220393Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:17.007{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220392Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:17.007{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220391Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:17.007{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220390Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:17.007{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220389Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:17.007{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220388Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:17.007{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220387Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:17.007{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220218Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:16.003{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220217Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:16.002{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220216Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:16.002{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220215Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:16.001{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220214Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:16.001{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220213Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:16.001{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220212Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:16.001{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220211Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:16.000{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220210Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:16.000{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220083Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:14.983{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220082Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:14.983{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220081Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:14.983{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220080Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:14.983{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220079Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:14.983{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220078Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:14.983{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220077Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:14.983{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220076Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:14.983{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220075Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:14.983{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220015Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:13.971{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220014Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:13.971{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220013Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:13.971{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220012Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:13.971{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220011Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:13.971{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220010Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:13.971{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220009Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:13.971{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220008Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:13.971{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000220007Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:13.971{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219843Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:12.959{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219842Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:12.959{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219841Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:12.959{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219840Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:12.959{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219839Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:12.959{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219838Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:12.959{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219837Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:12.959{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219836Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:12.959{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219835Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:12.959{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219723Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:11.945{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219722Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:11.945{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219721Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:11.945{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219720Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:11.945{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219719Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:11.945{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219718Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:11.945{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219717Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:11.945{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219716Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:11.945{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219715Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:11.945{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219652Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:10.924{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219651Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:10.924{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219650Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:10.924{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219649Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:10.924{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219648Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:10.924{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219647Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:10.924{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219646Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:10.924{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219645Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:10.924{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219644Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:10.924{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219586Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:09.909{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219585Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:09.909{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219584Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:09.909{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219583Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:09.909{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219582Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:09.909{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219581Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:09.909{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219580Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:09.909{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219579Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:09.909{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219578Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:09.909{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219522Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:08.897{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219521Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:08.897{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219520Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:08.897{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219519Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:08.897{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219518Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:08.897{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219517Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:08.897{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219516Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:08.897{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219515Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:08.897{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219514Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:08.897{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219455Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:07.876{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219454Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:07.876{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219453Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:07.876{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219452Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:07.876{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219451Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:07.876{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219450Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:07.876{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219449Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:07.876{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219448Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:07.876{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219447Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:07.876{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219389Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:06.852{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219388Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:06.852{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219387Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:06.852{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219386Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:06.852{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219385Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:06.852{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219384Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:06.852{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219383Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:06.852{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219382Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:06.852{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219381Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:06.852{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219322Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:05.840{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219321Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:05.825{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219320Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:05.825{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219319Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:05.825{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219318Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:05.825{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219317Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:05.825{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219316Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:05.825{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219315Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:05.825{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219314Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:05.825{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219256Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:04.809{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219255Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:04.809{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219254Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:04.809{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219253Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:04.809{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219252Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:04.809{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219251Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:04.809{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219250Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:04.809{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219249Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:04.809{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219248Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:04.809{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219190Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:03.787{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219189Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:03.787{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219188Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:03.787{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219187Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:03.787{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219186Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:03.787{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219185Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:03.787{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219184Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:03.787{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219183Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:03.787{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219182Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:03.787{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219124Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:02.772{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219123Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:02.756{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219122Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:02.756{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219121Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:02.756{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219120Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:02.756{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219119Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:02.756{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219118Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:02.756{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219117Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:02.756{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219116Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:02.756{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219058Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:01.741{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219057Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:01.741{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219056Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:01.741{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219055Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:01.741{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219054Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:01.741{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219053Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:01.741{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219052Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:01.741{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219051Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:01.741{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000219050Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:01.741{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218992Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:00.724{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218991Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:00.724{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218990Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:00.724{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218989Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:00.724{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218988Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:00.724{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218987Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:00.724{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218986Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:00.724{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218985Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:00.724{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218984Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:28:00.724{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218927Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:59.709{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218926Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:59.709{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218925Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:59.709{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218924Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:59.709{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218923Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:59.709{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218922Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:59.709{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218921Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:59.709{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218920Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:59.709{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218919Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:59.709{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218840Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:58.683{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218839Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:58.683{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218838Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:58.683{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218837Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:58.683{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218836Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:58.683{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218835Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:58.683{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218834Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:58.683{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218833Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:58.683{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218832Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:58.683{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218772Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:57.662{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218771Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:57.662{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218770Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:57.662{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218769Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:57.662{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218768Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:57.662{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218767Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:57.662{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218766Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:57.662{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218765Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:57.662{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218764Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:57.662{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218708Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:56.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218707Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:56.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218706Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:56.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218705Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:56.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218704Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:56.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218703Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:56.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218702Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:56.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218701Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:56.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218700Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:56.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218614Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:55.619{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218613Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:55.619{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218612Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:55.619{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218611Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:55.619{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218610Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:55.619{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218609Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:55.619{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218608Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:55.619{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218607Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:55.619{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218606Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:55.619{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218549Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:54.604{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218548Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:54.604{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218547Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:54.604{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218546Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:54.604{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218545Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:54.604{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218544Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:54.604{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218543Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:54.604{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218542Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:54.604{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218541Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:54.604{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218479Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:53.592{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218478Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:53.592{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218477Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:53.592{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218476Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:53.592{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218475Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:53.592{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218474Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:53.592{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218473Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:53.592{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218472Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:53.592{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218471Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:53.592{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218411Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:52.571{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218410Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:52.571{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218409Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:52.571{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218408Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:52.571{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218407Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:52.571{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218406Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:52.571{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218405Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:52.571{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218404Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:52.571{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218403Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:52.571{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218349Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:51.546{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218348Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:51.546{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218347Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:51.546{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218346Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:51.546{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218345Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:51.546{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218344Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:51.546{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218343Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:51.546{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218342Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:51.546{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218341Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:51.546{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218283Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:50.519{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218282Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:50.519{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218281Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:50.519{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218280Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:50.519{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218279Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:50.519{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218278Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:50.519{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218277Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:50.519{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218276Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:50.519{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218275Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:50.519{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218217Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:49.504{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218216Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:49.504{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218215Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:49.504{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218214Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:49.504{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218213Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:49.504{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218212Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:49.504{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218211Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:49.504{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218210Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:49.504{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218209Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:49.504{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218150Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:48.471{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218149Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:48.471{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218148Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:48.471{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218147Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:48.471{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218146Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:48.471{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218145Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:48.471{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218144Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:48.471{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218143Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:48.471{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218142Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:48.471{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218084Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:47.458{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218083Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:47.458{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218082Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:47.458{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218081Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:47.458{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218080Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:47.458{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218079Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:47.458{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218078Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:47.458{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218077Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:47.458{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218076Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:47.458{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218018Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:46.445{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218017Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:46.445{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218016Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:46.445{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218015Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:46.445{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218014Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:46.445{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218013Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:46.445{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218012Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:46.445{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218011Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:46.445{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000218010Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:46.445{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217952Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:45.428{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217951Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:45.428{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217950Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:45.428{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217949Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:45.428{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217948Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:45.428{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217947Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:45.428{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217946Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:45.428{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217945Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:45.428{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217944Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:45.428{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217886Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:44.401{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217885Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:44.401{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217884Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:44.401{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217883Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:44.401{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217882Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:44.401{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217881Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:44.401{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217880Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:44.401{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217879Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:44.401{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217878Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:44.401{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217820Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:43.390{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217819Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:43.390{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217818Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:43.390{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217817Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:43.390{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217816Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:43.390{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217815Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:43.390{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217814Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:43.390{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217813Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:43.390{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217812Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:43.390{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217753Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:42.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217752Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:42.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217751Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:42.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217750Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:42.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217749Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:42.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217748Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:42.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217747Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:42.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217746Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:42.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217745Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:42.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217686Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:41.348{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217685Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:41.348{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217684Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:41.348{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217683Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:41.348{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217682Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:41.348{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217681Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:41.348{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217680Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:41.348{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217679Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:41.348{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217678Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:41.348{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217618Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:40.327{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217617Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:40.327{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217616Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:40.327{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217615Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:40.327{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217614Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:40.327{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217613Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:40.327{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217612Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:40.327{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217611Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:40.327{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217610Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:40.327{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217554Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:39.305{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217553Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:39.305{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217552Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:39.305{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217551Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:39.305{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217550Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:39.305{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217549Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:39.305{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217548Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:39.305{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217547Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:39.305{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217546Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:39.305{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217463Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:38.280{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217462Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:38.280{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217461Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:38.280{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217460Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:38.280{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217459Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:38.280{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217458Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:38.280{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217457Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:38.280{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217456Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:38.280{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217455Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:38.280{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217397Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:37.256{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217396Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:37.256{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217395Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:37.256{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217394Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:37.256{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217393Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:37.256{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217392Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:37.256{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217391Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:37.256{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217390Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:37.256{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217389Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:37.256{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217325Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:36.246{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217324Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:36.244{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217323Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:36.244{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217322Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:36.244{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217321Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:36.244{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217320Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:36.244{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217319Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:36.243{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217318Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:36.243{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217317Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:36.242{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217241Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:35.232{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217240Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:35.232{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217239Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:35.232{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217238Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:35.232{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217237Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:35.232{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217236Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:35.232{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217235Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:35.232{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217234Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:35.232{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217233Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:35.224{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217177Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:34.198{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217176Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:34.198{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217175Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:34.198{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217174Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:34.198{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217173Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:34.198{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217172Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:34.198{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217171Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:34.198{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217170Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:34.198{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217169Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:34.198{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217111Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:33.171{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217110Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:33.171{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217109Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:33.171{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217108Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:33.171{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217107Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:33.171{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217106Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:33.171{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217105Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:33.171{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217104Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:33.171{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217103Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:33.171{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217044Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:32.145{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217043Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:32.145{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217042Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:32.145{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217041Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:32.145{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217040Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:32.145{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217039Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:32.145{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217038Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:32.145{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217037Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:32.145{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000217036Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:32.145{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216978Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:31.121{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216977Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:31.121{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216976Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:31.121{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216975Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:31.121{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216974Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:31.121{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216973Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:31.121{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216972Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:31.121{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216971Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:31.121{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216970Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:31.121{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216912Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:30.099{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216911Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:30.099{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216910Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:30.099{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216909Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:30.099{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216908Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:30.099{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216907Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:30.099{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216906Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:30.099{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216905Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:30.099{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216904Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:30.099{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216846Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:29.084{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216845Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:29.084{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216844Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:29.084{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216843Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:29.084{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216842Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:29.084{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216841Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:29.084{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216840Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:29.084{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216839Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:29.084{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216838Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:29.084{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216780Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:28.069{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216779Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:28.069{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216778Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:28.069{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216777Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:28.069{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216776Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:28.069{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216775Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:28.069{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216774Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:28.069{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216773Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:28.069{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216772Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:28.069{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216714Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:27.056{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216713Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:27.056{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216712Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:27.056{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216711Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:27.056{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216710Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:27.056{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216709Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:27.056{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216708Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:27.056{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216707Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:27.056{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216706Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:27.056{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216649Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:26.033{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216648Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:26.033{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216647Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:26.033{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216646Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:26.033{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216645Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:26.033{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216644Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:26.033{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216643Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:26.033{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216642Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:26.033{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216641Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:26.033{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216583Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:25.012{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216582Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:25.012{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216581Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:25.012{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216580Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:25.012{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216579Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:25.012{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216578Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:25.012{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216577Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:25.012{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216576Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:25.012{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216575Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:25.012{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216519Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:23.992{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216518Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:23.992{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216517Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:23.992{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216516Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:23.992{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216515Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:23.992{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216514Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:23.992{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216513Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:23.992{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216512Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:23.992{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216511Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:23.992{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216454Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:22.979{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216453Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:22.979{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216452Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:22.979{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216451Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:22.979{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216450Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:22.979{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216449Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:22.979{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216448Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:22.979{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216447Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:22.979{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216446Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:22.979{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216390Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:21.937{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216389Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:21.937{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216388Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:21.937{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216387Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:21.937{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216386Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:21.937{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216385Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:21.937{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216384Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:21.937{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216383Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:21.937{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216380Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:21.937{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216268Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:20.916{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216267Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:20.916{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216266Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:20.916{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216265Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:20.916{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216264Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:20.916{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216263Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:20.916{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216262Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:20.916{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216261Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:20.916{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216260Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:20.916{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216202Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:19.905{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216201Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:19.905{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216200Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:19.905{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216199Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:19.905{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216198Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:19.905{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216197Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:19.905{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216196Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:19.905{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216195Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:19.905{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216194Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:19.905{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216075Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:18.901{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216074Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:18.900{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216073Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:18.900{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216072Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:18.899{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216071Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:18.899{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216070Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:18.899{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216069Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:18.899{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216068Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:18.898{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000216067Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:18.898{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215986Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:17.880{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215985Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:17.880{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215984Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:17.880{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215983Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:17.880{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215982Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:17.880{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215981Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:17.880{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215980Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:17.880{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215979Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:17.880{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215978Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:17.880{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215915Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:16.862{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215914Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:16.862{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215913Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:16.862{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215912Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:16.862{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215911Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:16.862{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215910Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:16.862{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215909Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:16.862{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215908Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:16.862{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215907Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:16.862{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215723Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:15.852{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215722Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:15.851{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215721Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:15.850{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215720Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:15.850{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215719Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:15.850{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215718Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:15.850{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215717Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:15.849{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215716Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:15.849{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215715Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:15.848{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215601Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:14.830{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215600Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:14.830{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215599Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:14.830{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215598Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:14.830{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215597Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:14.830{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215596Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:14.830{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215595Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:14.830{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215594Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:14.830{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215593Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:14.830{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215495Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:13.803{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215482Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:13.803{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215480Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:13.803{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215479Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:13.803{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215474Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:13.803{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215473Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:13.803{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215471Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:13.803{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215468Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:13.803{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215467Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:13.803{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215342Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:12.778{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215341Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:12.778{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215340Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:12.778{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215339Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:12.778{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215338Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:12.778{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215337Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:12.778{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215336Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:12.778{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215335Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:12.778{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215334Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:12.778{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215223Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:11.750{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215222Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:11.750{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215221Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:11.750{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215220Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:11.750{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215219Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:11.750{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215218Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:11.750{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215217Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:11.750{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215216Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:11.750{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215215Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:11.750{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215154Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:10.731{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215153Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:10.731{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215152Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:10.731{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215151Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:10.731{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215150Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:10.731{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215149Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:10.731{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215148Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:10.731{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215147Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:10.731{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215146Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:10.731{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215088Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:09.715{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215087Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:09.715{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215086Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:09.715{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215085Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:09.715{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215084Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:09.715{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215083Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:09.715{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215082Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:09.715{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215081Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:09.715{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215080Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:09.715{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215021Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:08.696{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215020Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:08.696{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215019Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:08.696{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215018Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:08.696{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215017Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:08.696{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215016Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:08.696{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215015Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:08.696{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215014Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:08.696{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000215013Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:08.696{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214956Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:07.685{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214955Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:07.685{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214954Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:07.685{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214953Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:07.685{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214952Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:07.669{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214951Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:07.669{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214950Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:07.669{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214949Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:07.669{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214948Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:07.669{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214890Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:06.650{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214889Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:06.650{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214888Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:06.650{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214887Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:06.650{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214886Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:06.650{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214885Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:06.650{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214884Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:06.650{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214883Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:06.650{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214882Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:06.650{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214826Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:05.627{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214825Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:05.627{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214824Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:05.627{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214823Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:05.627{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214822Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:05.627{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214821Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:05.627{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214820Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:05.627{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214819Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:05.627{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214818Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:05.627{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214760Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:04.605{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214759Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:04.605{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214758Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:04.605{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214757Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:04.605{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214756Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:04.605{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214755Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:04.605{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214754Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:04.605{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214753Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:04.605{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214752Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:04.605{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214694Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:03.593{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214693Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:03.593{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214692Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:03.593{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214691Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:03.593{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214690Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:03.593{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214689Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:03.593{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214688Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:03.593{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214687Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:03.577{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214686Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:03.577{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214627Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:02.554{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214626Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:02.554{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214625Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:02.554{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214624Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:02.554{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214623Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:02.554{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214622Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:02.554{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214621Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:02.554{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214620Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:02.554{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214619Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:02.554{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214561Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:01.530{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214560Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:01.530{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214559Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:01.530{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214558Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:01.530{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214557Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:01.530{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214556Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:01.530{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214555Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:01.530{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214554Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:01.530{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214553Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:01.530{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214495Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:00.513{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214494Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:00.513{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214493Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:00.513{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214492Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:00.513{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214491Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:00.513{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214490Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:00.513{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214489Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:00.513{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214488Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:00.513{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214487Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:27:00.513{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214429Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:59.492{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214428Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:59.492{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214427Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:59.492{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214426Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:59.492{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214425Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:59.492{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214424Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:59.492{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214423Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:59.492{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214422Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:59.492{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214421Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:59.492{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214308Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:58.467{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214307Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:58.467{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214306Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:58.467{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214305Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:58.467{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214304Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:58.467{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214303Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:58.467{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214302Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:58.467{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214301Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:58.467{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214300Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:58.467{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214240Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:57.451{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214239Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:57.451{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214238Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:57.451{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214237Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:57.451{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214236Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:57.451{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214235Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:57.451{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214234Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:57.451{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214233Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:57.451{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214232Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:57.451{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214176Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:56.435{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214175Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:56.435{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214174Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:56.435{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214173Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:56.435{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214172Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:56.435{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214171Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:56.435{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214170Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:56.435{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214169Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:56.435{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214168Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:56.435{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214084Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:55.411{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214083Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:55.411{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214082Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:55.411{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214081Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:55.411{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214080Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:55.411{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214079Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:55.411{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214078Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:55.411{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214077Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:55.411{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214076Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:55.411{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214018Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:54.405{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214017Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:54.404{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214016Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:54.404{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214015Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:54.404{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214014Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:54.403{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214013Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:54.403{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214012Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:54.403{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214011Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:54.402{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000214010Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:54.402{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213951Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:53.394{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213950Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:53.393{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213949Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:53.393{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213948Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:53.393{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213947Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:53.392{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213946Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:53.392{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213945Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:53.392{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213944Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:53.392{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213943Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:53.391{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213881Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:52.379{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213880Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:52.379{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213879Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:52.379{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213878Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:52.379{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213877Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:52.379{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213876Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:52.379{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213875Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:52.379{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213874Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:52.379{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213873Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:52.379{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213815Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:51.360{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213814Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:51.360{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213813Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:51.360{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213812Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:51.360{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213811Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:51.360{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213810Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:51.360{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213809Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:51.360{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213808Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:51.360{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213807Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:51.360{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213749Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:50.342{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213748Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:50.342{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213747Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:50.342{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213746Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:50.342{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213745Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:50.342{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213744Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:50.342{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213743Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:50.342{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213742Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:50.342{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213741Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:50.342{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213685Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:49.337{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213684Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:49.336{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213683Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:49.336{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213682Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:49.335{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213681Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:49.335{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213680Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:49.335{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213679Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:49.334{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213678Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:49.332{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213677Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:49.330{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213620Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:48.312{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213619Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:48.312{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213618Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:48.312{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213617Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:48.312{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213616Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:48.312{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213615Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:48.312{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213614Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:48.312{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213613Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:48.312{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213612Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:48.312{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213553Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:47.308{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213552Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:47.306{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213551Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:47.306{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213550Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:47.306{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213549Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:47.305{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213548Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:47.305{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213547Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:47.305{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213546Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:47.305{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213545Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:47.304{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213487Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:46.287{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213486Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:46.287{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213485Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:46.287{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213484Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:46.287{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213483Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:46.287{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213482Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:46.287{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213481Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:46.287{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213480Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:46.287{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213479Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:46.287{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213421Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:45.272{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213420Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:45.272{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213419Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:45.272{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213418Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:45.272{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213417Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:45.272{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213416Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:45.272{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213415Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:45.272{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213414Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:45.272{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213413Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:45.272{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213355Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:44.257{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213354Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:44.257{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213353Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:44.257{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213352Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:44.257{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213351Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:44.257{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213350Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:44.257{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213349Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:44.257{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213348Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:44.257{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213347Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:44.257{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213289Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:43.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213288Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:43.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213287Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:43.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213286Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:43.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213285Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:43.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213284Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:43.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213283Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:43.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213282Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:43.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213281Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:43.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213222Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:42.227{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213221Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:42.227{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213220Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:42.218{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213219Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:42.218{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213218Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:42.218{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213217Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:42.218{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213216Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:42.218{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213215Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:42.218{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213214Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:42.218{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213153Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:41.195{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213152Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:41.195{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213151Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:41.195{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213150Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:41.195{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213149Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:41.195{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213148Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:41.195{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213147Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:41.195{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213146Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:41.195{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213145Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:41.195{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213085Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:40.184{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213084Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:40.184{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213083Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:40.184{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213082Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:40.184{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213081Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:40.184{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213080Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:40.184{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213079Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:40.184{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213078Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:40.184{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213077Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:40.184{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213005Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:39.165{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213004Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:39.165{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213003Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:39.165{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213002Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:39.165{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213001Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:39.165{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000213000Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:39.165{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212999Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:39.165{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212998Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:39.165{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212997Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:39.165{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212935Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:38.162{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212934Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:38.162{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212933Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:38.162{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212932Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:38.162{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212931Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:38.162{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212930Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:38.147{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212929Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:38.147{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212928Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:38.147{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212927Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:38.147{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212869Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:37.125{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212868Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:37.125{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212867Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:37.125{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212866Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:37.125{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212865Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:37.125{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212864Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:37.125{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212863Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:37.125{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212862Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:37.125{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212861Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:37.125{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212797Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:36.113{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212796Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:36.112{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212795Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:36.112{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212794Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:36.112{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212793Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:36.111{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212792Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:36.111{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212791Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:36.111{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212790Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:36.111{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212789Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:36.110{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212710Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:35.102{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212709Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:35.086{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212708Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:35.086{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212707Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:35.086{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212706Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:35.086{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212705Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:35.086{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212704Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:35.086{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212703Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:35.086{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212702Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:35.086{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212644Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:34.074{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212643Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:34.074{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212642Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:34.074{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212641Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:34.074{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212640Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:34.074{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212639Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:34.074{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212638Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:34.074{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212637Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:34.074{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212636Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:34.074{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212578Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:33.056{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212577Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:33.056{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212576Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:33.056{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212575Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:33.056{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212574Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:33.056{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212573Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:33.056{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212572Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:33.056{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212571Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:33.056{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212570Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:33.056{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212512Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:32.041{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212511Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:32.041{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212510Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:32.041{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212509Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:32.041{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212508Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:32.041{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212507Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:32.041{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212506Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:32.041{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212505Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:32.041{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212504Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:32.041{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212446Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:31.024{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212445Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:31.024{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212444Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:31.024{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212443Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:31.024{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212442Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:31.024{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212441Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:31.024{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212440Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:31.024{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212439Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:31.024{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212438Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:31.024{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212382Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:30.000{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212381Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:30.000{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212380Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:30.000{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212379Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:30.000{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212378Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:30.000{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212377Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:30.000{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212376Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:30.000{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212375Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:30.000{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212374Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:30.000{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212313Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:28.978{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212312Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:28.978{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212311Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:28.978{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212310Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:28.978{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212309Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:28.978{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212308Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:28.978{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212307Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:28.978{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212306Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:28.978{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212305Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:28.978{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212247Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:27.964{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212246Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:27.964{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212245Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:27.964{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212244Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:27.964{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212243Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:27.964{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212242Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:27.964{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212241Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:27.964{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212240Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:27.964{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212239Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:27.964{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212185Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:26.941{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212184Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:26.941{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212183Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:26.941{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212182Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:26.941{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212181Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:26.941{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212180Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:26.941{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212179Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:26.941{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212178Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:26.941{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212177Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:26.941{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212119Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:25.918{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212118Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:25.918{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212117Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:25.918{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212116Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:25.918{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212115Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:25.918{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212114Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:25.918{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212113Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:25.918{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212112Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:25.918{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212111Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:25.918{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212053Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:24.901{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212052Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:24.901{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212051Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:24.901{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212050Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:24.901{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212049Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:24.901{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212048Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:24.901{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212047Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:24.901{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212046Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:24.901{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000212045Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:24.901{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211986Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:23.888{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211985Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:23.888{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211984Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:23.888{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211983Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:23.888{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211982Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:23.888{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211981Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:23.888{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211980Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:23.888{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211979Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:23.888{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211978Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:23.888{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211920Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:22.865{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211919Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:22.865{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211918Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:22.865{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211917Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:22.865{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211916Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:22.865{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211915Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:22.865{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211914Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:22.865{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211913Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:22.865{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211912Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:22.865{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211853Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:21.846{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211852Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:21.846{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211851Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:21.846{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211850Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:21.846{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211849Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:21.846{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211848Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:21.846{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211847Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:21.846{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211846Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:21.846{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211845Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:21.846{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211785Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:20.821{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211784Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:20.821{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211783Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:20.821{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211782Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:20.821{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211781Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:20.821{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211780Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:20.821{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211779Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:20.821{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211778Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:20.821{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211777Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:20.821{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211717Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:19.809{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211716Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:19.809{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211715Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:19.809{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211714Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:19.809{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211713Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:19.809{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211712Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:19.809{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211711Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:19.809{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211710Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:19.809{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211709Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:19.809{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211576Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:18.791{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211575Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:18.791{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211574Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:18.791{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211573Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:18.791{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211572Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:18.791{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211571Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:18.791{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211570Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:18.791{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211569Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:18.791{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211568Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:18.791{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211499Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:17.782{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211498Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:17.766{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211497Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:17.766{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211496Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:17.766{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211495Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:17.766{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211494Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:17.766{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211493Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:17.766{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211492Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:17.766{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211491Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:17.766{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211381Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:16.746{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211380Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:16.746{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211379Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:16.746{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211378Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:16.746{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211377Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:16.746{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211376Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:16.746{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211375Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:16.746{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211374Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:16.746{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211373Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:16.746{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211227Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:15.723{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211226Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:15.723{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211225Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:15.723{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211224Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:15.723{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211223Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:15.723{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211222Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:15.723{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211221Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:15.723{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211220Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:15.723{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211219Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:15.723{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211105Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:14.698{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211104Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:14.698{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211103Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:14.698{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211102Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:14.698{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211101Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:14.698{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211100Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:14.698{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211099Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:14.698{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211098Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:14.698{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000211097Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:14.698{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210982Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:13.684{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210981Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:13.684{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210980Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:13.684{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210979Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:13.684{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210978Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:13.684{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210977Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:13.684{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210976Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:13.684{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210975Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:13.684{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210974Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:13.684{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210867Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:12.658{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210866Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:12.658{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210865Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:12.658{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210864Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:12.658{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210863Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:12.658{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210862Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:12.658{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210861Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:12.658{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210860Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:12.658{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210859Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:12.658{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210743Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:11.640{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210742Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:11.640{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210741Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:11.640{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210740Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:11.640{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210739Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:11.640{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210738Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:11.640{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210737Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:11.640{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210736Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:11.640{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210735Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:11.640{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210677Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:10.625{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210676Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:10.625{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210675Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:10.625{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210674Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:10.625{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210673Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:10.625{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210672Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:10.625{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210671Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:10.625{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210670Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:10.625{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210669Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:10.625{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210556Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:09.611{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210555Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:09.611{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210554Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:09.611{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210553Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:09.611{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210552Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:09.611{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210551Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:09.611{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210550Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:09.611{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210549Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:09.611{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210548Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:09.611{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210489Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:08.595{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210488Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:08.595{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210487Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:08.595{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210486Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:08.595{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210485Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:08.595{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210484Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:08.595{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210483Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:08.595{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210482Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:08.595{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210481Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:08.595{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210422Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:07.582{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210421Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:07.582{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210420Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:07.582{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210419Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:07.582{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210418Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:07.582{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210417Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:07.582{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210416Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:07.582{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210415Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:07.582{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210414Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:07.582{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210356Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:06.569{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210355Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:06.569{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210354Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:06.569{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210353Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:06.569{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210352Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:06.569{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210351Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:06.569{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210350Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:06.569{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210349Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:06.569{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210348Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:06.569{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210290Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:05.544{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210289Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:05.544{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210288Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:05.544{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210287Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:05.544{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210286Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:05.544{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210285Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:05.544{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210284Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:05.544{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210283Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:05.544{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210282Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:05.544{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210224Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:04.532{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210223Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:04.532{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210222Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:04.532{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210221Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:04.532{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210220Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:04.532{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210219Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:04.532{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210218Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:04.532{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210217Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:04.532{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210216Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:04.532{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210157Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:03.515{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210156Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:03.515{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210155Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:03.515{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210154Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:03.515{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210153Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:03.515{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210152Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:03.515{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210151Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:03.515{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210150Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:03.515{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210149Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:03.515{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210093Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:02.490{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210092Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:02.490{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210091Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:02.490{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210090Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:02.490{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210089Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:02.490{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210088Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:02.490{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210087Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:02.490{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210086Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:02.490{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210085Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:02.490{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210027Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:01.480{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210026Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:01.480{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210025Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:01.480{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210024Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:01.480{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210023Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:01.480{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210022Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:01.480{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210021Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:01.480{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210020Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:01.480{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000210019Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:01.480{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209963Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:00.465{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209962Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:00.465{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209961Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:00.465{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209960Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:00.465{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209959Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:00.465{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209958Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:00.465{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209957Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:00.465{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209956Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:00.465{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209955Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:26:00.465{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209897Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:59.448{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209896Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:59.448{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209895Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:59.448{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209894Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:59.448{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209893Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:59.448{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209892Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:59.448{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209891Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:59.448{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209890Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:59.448{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209889Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:59.448{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209811Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:58.431{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209810Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:58.431{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209809Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:58.431{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209808Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:58.431{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209807Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:58.431{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209806Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:58.431{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209805Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:58.431{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209804Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:58.431{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209803Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:58.431{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209742Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:57.411{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209741Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:57.411{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209740Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:57.411{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209739Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:57.411{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209738Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:57.411{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209737Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:57.411{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209736Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:57.411{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209735Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:57.411{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209734Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:57.411{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209676Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:56.394{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209675Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:56.394{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209674Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:56.394{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209673Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:56.394{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209672Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:56.394{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209671Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:56.394{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209670Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:56.394{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209669Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:56.394{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209668Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:56.394{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209584Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:55.369{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209583Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:55.369{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209582Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:55.369{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209581Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:55.369{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209580Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:55.369{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209579Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:55.369{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209578Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:55.369{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209577Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:55.369{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209576Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:55.369{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209518Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:54.345{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209517Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:54.345{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209516Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:54.345{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209515Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:54.345{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209514Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:54.345{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209513Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:54.345{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209512Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:54.345{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209511Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:54.345{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209510Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:54.345{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209452Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:53.322{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209451Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:53.322{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209450Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:53.322{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209449Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:53.322{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209448Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:53.322{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209447Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:53.322{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209446Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:53.322{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209445Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:53.322{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209444Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:53.322{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209385Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:52.292{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209384Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:52.292{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209383Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:52.292{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209382Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:52.292{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209381Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:52.292{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209380Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:52.292{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209379Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:52.292{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209378Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:52.292{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209377Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:52.292{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209315Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:51.285{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209314Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:51.270{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209313Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:51.270{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209312Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:51.270{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209311Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:51.270{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209310Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:51.270{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209309Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:51.270{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209308Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:51.270{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209307Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:51.270{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209249Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:50.263{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209248Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:50.248{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209247Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:50.248{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209246Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:50.248{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209245Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:50.248{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209244Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:50.248{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209243Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:50.248{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209242Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:50.248{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209241Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:50.248{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209185Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:49.233{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209184Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:49.233{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209183Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:49.233{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209182Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:49.233{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209181Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:49.233{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209180Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:49.233{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209179Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:49.233{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209178Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:49.233{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209177Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:49.233{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209119Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:48.225{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209118Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:48.225{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209117Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:48.225{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209116Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:48.217{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209115Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:48.217{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209114Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:48.217{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209113Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:48.217{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209112Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:48.217{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209111Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:48.217{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209053Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:47.205{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209052Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:47.205{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209051Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:47.205{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209050Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:47.205{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209049Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:47.205{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209048Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:47.205{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209047Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:47.205{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209046Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:47.205{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000209045Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:47.205{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208986Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:46.182{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208985Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:46.182{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208984Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:46.182{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208983Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:46.182{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208982Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:46.182{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208981Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:46.182{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208980Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:46.182{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208979Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:46.182{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208978Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:46.182{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208922Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:45.170{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208921Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:45.170{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208920Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:45.170{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208919Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:45.170{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208918Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:45.170{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208917Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:45.170{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208916Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:45.170{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208915Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:45.170{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208914Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:45.170{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208856Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:44.157{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208855Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:44.157{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208854Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:44.157{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208853Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:44.157{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208852Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:44.157{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208851Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:44.157{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208850Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:44.157{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208849Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:44.157{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208848Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:44.157{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208790Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:43.143{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208789Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:43.143{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208788Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:43.143{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208787Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:43.143{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208786Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:43.143{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208785Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:43.143{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208784Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:43.143{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208783Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:43.143{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208782Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:43.143{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208724Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:42.128{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208723Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:42.128{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208722Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:42.128{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208721Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:42.128{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208720Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:42.128{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208719Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:42.128{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208718Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:42.128{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208717Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:42.128{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208716Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:42.128{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208655Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:41.111{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208654Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:41.111{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208653Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:41.111{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208652Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:41.111{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208651Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:41.111{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208650Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:41.111{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208649Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:41.111{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208648Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:41.111{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208647Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:41.111{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208588Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:40.100{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208587Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:40.100{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208586Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:40.100{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208585Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:40.100{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208584Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:40.100{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208583Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:40.100{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208582Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:40.100{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208581Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:40.100{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208580Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:40.100{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208524Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:39.086{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208523Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:39.086{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208522Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:39.086{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208521Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:39.086{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208520Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:39.086{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208519Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:39.086{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208518Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:39.086{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208517Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:39.086{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208516Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:39.070{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208434Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:38.050{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208433Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:38.050{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208432Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:38.050{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208431Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:38.050{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208430Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:38.050{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208429Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:38.050{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208428Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:38.050{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208427Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:38.050{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208426Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:38.050{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208368Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:37.028{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208367Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:37.028{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208366Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:37.028{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208365Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:37.028{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208364Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:37.028{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208363Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:37.028{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208362Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:37.028{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208361Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:37.028{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208360Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:37.028{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208296Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:36.020{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208295Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:36.019{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208294Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:36.019{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208293Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:36.019{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208292Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:36.019{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208291Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:36.018{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208290Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:36.018{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208289Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:36.018{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208288Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:36.017{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208209Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:34.999{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208208Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:34.999{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208207Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:34.999{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208206Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:34.999{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208205Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:34.999{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208204Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:34.999{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208203Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:34.999{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208202Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:34.999{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208201Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:34.999{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208143Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:33.974{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208142Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:33.974{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208141Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:33.974{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208140Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:33.974{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208139Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:33.974{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208138Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:33.974{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208137Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:33.974{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208136Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:33.974{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208135Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:33.974{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208079Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:32.959{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208078Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:32.959{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208077Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:32.959{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208076Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:32.959{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208075Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:32.959{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208074Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:32.959{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208073Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:32.959{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208072Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:32.959{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208071Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:32.959{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208015Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:31.945{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208014Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:31.945{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208013Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:31.945{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208012Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:31.945{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208011Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:31.945{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208010Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:31.945{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208009Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:31.945{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208008Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:31.945{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000208007Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:31.945{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207945Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:30.925{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207944Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:30.925{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207943Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:30.925{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207942Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:30.925{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207941Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:30.925{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207940Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:30.925{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207939Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:30.925{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207938Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:30.925{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207937Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:30.925{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207882Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:29.905{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207881Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:29.905{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207880Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:29.905{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207879Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:29.905{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207878Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:29.905{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207877Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:29.905{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207876Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:29.905{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207875Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:29.905{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207874Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:29.905{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207816Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:28.883{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207815Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:28.883{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207814Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:28.883{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207813Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:28.883{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207812Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:28.883{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207811Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:28.883{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207810Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:28.883{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207809Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:28.883{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207808Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:28.883{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207750Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:27.866{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207749Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:27.866{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207748Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:27.866{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207747Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:27.866{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207746Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:27.866{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207745Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:27.866{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207744Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:27.866{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207743Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:27.866{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207742Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:27.866{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207684Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:26.846{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207683Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:26.846{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207682Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:26.846{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207681Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:26.846{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207680Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:26.846{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207679Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:26.846{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207678Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:26.846{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207677Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:26.846{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207676Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:26.846{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207618Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:25.827{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207617Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:25.827{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207616Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:25.827{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207615Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:25.827{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207614Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:25.827{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207613Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:25.827{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207612Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:25.827{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207611Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:25.827{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207610Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:25.827{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207552Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:24.814{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207551Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:24.814{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207550Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:24.814{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207549Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:24.814{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207548Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:24.814{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207547Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:24.814{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207546Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:24.814{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207545Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:24.814{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207544Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:24.814{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207487Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:23.786{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207486Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:23.786{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207485Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:23.786{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207484Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:23.786{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207483Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:23.786{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207482Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:23.786{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207481Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:23.786{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207480Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:23.786{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207479Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:23.786{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207419Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:22.773{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207418Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:22.773{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207417Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:22.773{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207416Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:22.773{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207415Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:22.773{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207414Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:22.773{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207413Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:22.773{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207412Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:22.773{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207411Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:22.773{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207356Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:21.750{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207355Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:21.750{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207354Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:21.750{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207353Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:21.750{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207352Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:21.750{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207351Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:21.750{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207350Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:21.750{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207349Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:21.750{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207348Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:21.750{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207284Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:20.728{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207283Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:20.728{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207282Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:20.728{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207281Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:20.728{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207280Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:20.728{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207279Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:20.728{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207278Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:20.728{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207277Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:20.728{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207276Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:20.728{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207210Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:19.707{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207209Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:19.707{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207208Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:19.707{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207207Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:19.707{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207206Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:19.707{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207205Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:19.707{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207204Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:19.707{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207203Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:19.707{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207202Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:19.707{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207064Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:18.695{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207063Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:18.695{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207062Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:18.695{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207061Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:18.695{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207060Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:18.695{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207059Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:18.695{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207058Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:18.695{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207057Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:18.695{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000207056Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:18.695{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206986Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:17.692{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206985Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:17.690{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206984Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:17.690{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206983Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:17.690{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206982Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:17.690{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206981Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:17.689{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206980Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:17.689{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206979Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:17.688{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206978Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:17.687{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206864Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:16.673{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206863Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:16.673{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206862Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:16.673{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206861Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:16.673{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206860Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:16.673{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206859Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:16.673{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206858Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:16.673{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206857Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:16.673{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206856Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:16.673{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206700Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:15.653{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206687Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:15.653{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206685Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:15.653{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206681Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:15.653{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206679Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:15.653{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206676Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:15.653{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206673Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:15.653{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206671Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:15.653{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206670Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:15.653{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206600Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:14.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206599Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:14.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206598Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:14.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206597Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:14.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206596Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:14.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206595Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:14.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206594Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:14.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206593Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:14.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206592Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:14.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206470Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:13.632{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206469Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:13.632{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206468Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:13.632{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206467Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:13.632{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206466Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:13.632{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206465Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:13.632{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206464Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:13.632{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206463Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:13.632{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206462Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:13.632{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206351Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:12.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206350Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:12.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206349Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:12.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206348Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:12.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206347Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:12.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206346Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:12.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206345Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:12.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206344Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:12.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206343Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:12.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206229Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:11.583{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206228Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:11.583{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206227Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:11.583{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206226Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:11.583{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206225Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:11.583{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206224Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:11.583{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206223Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:11.583{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206222Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:11.583{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206221Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:11.583{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206161Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:10.555{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206160Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:10.555{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206159Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:10.555{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206158Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:10.555{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206157Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:10.555{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206156Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:10.555{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206155Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:10.555{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206154Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:10.555{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206153Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:10.555{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206097Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:09.550{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206096Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:09.550{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206095Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:09.550{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206094Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:09.550{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206093Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:09.549{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206092Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:09.549{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206091Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:09.549{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206090Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:09.539{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206089Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:09.539{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206030Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:08.523{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206029Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:08.523{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206028Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:08.523{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206027Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:08.523{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206026Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:08.523{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206025Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:08.523{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206024Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:08.523{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206023Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:08.523{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000206022Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:08.523{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205963Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:07.508{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205962Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:07.508{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205961Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:07.508{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205960Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:07.508{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205959Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:07.508{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205958Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:07.508{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205957Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:07.508{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205956Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:07.508{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205955Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:07.508{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205897Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:06.485{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205896Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:06.485{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205895Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:06.485{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205894Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:06.485{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205893Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:06.485{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205892Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:06.485{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205891Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:06.485{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205890Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:06.485{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205889Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:06.485{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205831Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:05.464{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205830Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:05.464{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205829Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:05.464{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205828Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:05.464{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205827Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:05.464{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205826Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:05.464{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205825Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:05.464{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205824Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:05.464{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205823Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:05.464{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205765Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:04.443{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205764Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:04.443{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205763Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:04.443{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205762Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:04.443{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205761Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:04.443{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205760Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:04.443{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205759Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:04.443{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205758Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:04.443{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205757Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:04.443{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205698Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:03.417{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205697Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:03.417{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205696Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:03.417{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205695Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:03.417{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205694Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:03.417{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205693Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:03.417{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205692Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:03.417{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205691Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:03.417{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205690Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:03.417{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205632Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:02.400{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205631Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:02.400{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205630Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:02.400{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205629Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:02.400{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205628Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:02.400{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205627Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:02.400{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205626Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:02.400{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205625Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:02.400{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205624Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:02.400{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205566Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:01.385{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205565Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:01.385{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205564Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:01.385{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205563Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:01.385{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205562Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:01.385{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205561Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:01.385{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205560Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:01.385{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205559Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:01.385{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205558Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:01.385{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205498Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:00.362{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205497Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:00.362{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205496Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:00.362{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205495Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:00.362{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205494Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:00.362{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205493Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:00.362{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205492Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:00.362{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205491Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:00.362{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205490Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:25:00.362{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205426Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:59.335{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205425Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:59.335{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205424Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:59.335{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205423Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:59.335{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205422Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:59.335{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205421Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:59.335{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205420Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:59.335{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205419Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:59.335{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205418Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:59.335{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205321Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:58.317{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205320Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:58.317{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205319Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:58.317{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205318Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:58.317{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205317Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:58.317{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205316Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:58.317{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205315Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:58.301{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205314Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:58.301{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205313Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:58.301{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205256Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:57.290{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205255Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:57.290{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205254Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:57.290{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205253Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:57.290{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205252Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:57.290{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205251Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:57.290{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205250Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:57.290{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205249Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:57.290{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205248Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:57.290{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205184Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:56.282{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205183Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:56.281{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205182Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:56.281{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205181Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:56.281{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205180Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:56.280{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205179Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:56.280{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205178Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:56.280{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205177Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:56.279{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205176Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:56.275{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205102Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:55.233{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205101Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:55.233{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205100Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:55.233{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205099Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:55.233{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205098Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:55.233{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205097Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:55.233{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205096Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:55.233{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205095Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:55.233{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205094Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:55.224{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205038Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:54.222{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205037Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:54.221{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205036Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:54.220{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205035Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:54.220{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205034Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:54.220{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205033Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:54.220{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205032Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:54.219{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205031Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:54.219{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000205030Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:54.218{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204921Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:53.184{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204920Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:53.184{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204919Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:53.184{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204918Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:53.184{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204917Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:53.184{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204916Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:53.184{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204915Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:53.184{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204914Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:53.184{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204913Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:53.184{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204856Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:52.165{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204855Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:52.165{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204854Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:52.165{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204853Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:52.165{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204852Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:52.165{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204851Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:52.165{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204850Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:52.165{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204849Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:52.165{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204848Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:52.165{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204792Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:51.148{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204791Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:51.148{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204790Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:51.148{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204789Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:51.148{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204788Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:51.148{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204787Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:51.148{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204786Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:51.148{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204785Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:51.148{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204784Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:51.148{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204727Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:50.126{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204726Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:50.126{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204725Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:50.126{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204724Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:50.126{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204723Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:50.126{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204722Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:50.126{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204721Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:50.126{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204720Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:50.126{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204719Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:50.126{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204658Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:49.110{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204657Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:49.110{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204656Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:49.110{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204655Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:49.110{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204654Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:49.110{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204653Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:49.110{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204652Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:49.110{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204651Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:49.110{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204650Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:49.110{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204592Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:48.089{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204591Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:48.089{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204590Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:48.089{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204589Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:48.089{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204588Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:48.089{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204587Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:48.089{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204586Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:48.089{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204585Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:48.089{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204584Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:48.089{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204526Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:47.073{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204525Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:47.073{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204524Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:47.073{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204523Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:47.073{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204522Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:47.073{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204521Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:47.073{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204520Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:47.073{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204519Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:47.073{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204518Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:47.073{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204459Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:46.048{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204458Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:46.048{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204457Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:46.048{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204456Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:46.048{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204455Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:46.048{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204454Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:46.048{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204453Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:46.048{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204452Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:46.048{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204451Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:46.048{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204393Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:45.032{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204392Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:45.032{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204391Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:45.032{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204390Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:45.032{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204389Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:45.032{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204388Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:45.032{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204387Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:45.032{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204386Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:45.032{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204385Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:45.032{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204327Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:44.015{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204326Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:44.015{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204325Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:44.015{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204324Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:44.015{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204323Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:44.015{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204322Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:44.015{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204321Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:44.015{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204320Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:44.015{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204319Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:44.015{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204261Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:42.997{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204260Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:42.997{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204259Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:42.997{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204258Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:42.997{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204257Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:42.997{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204256Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:42.997{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204255Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:42.997{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204254Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:42.997{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204253Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:42.997{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204192Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:41.988{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204191Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:41.988{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204190Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:41.988{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204189Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:41.988{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204188Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:41.988{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204187Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:41.988{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204186Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:41.988{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204185Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:41.979{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204184Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:41.979{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204126Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:40.964{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204125Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:40.964{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204124Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:40.964{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204123Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:40.964{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204122Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:40.964{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204121Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:40.964{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204120Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:40.964{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204119Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:40.964{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204118Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:40.964{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204059Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:39.937{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204058Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:39.937{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204057Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:39.937{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204056Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:39.937{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204055Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:39.937{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204054Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:39.937{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204053Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:39.937{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204052Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:39.937{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000204051Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:39.937{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203974Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:38.914{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203973Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:38.914{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203972Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:38.914{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203971Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:38.914{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203970Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:38.914{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203969Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:38.914{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203968Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:38.914{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203967Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:38.914{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203966Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:38.914{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203905Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:37.892{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203904Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:37.892{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203903Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:37.892{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203902Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:37.892{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203901Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:37.892{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203900Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:37.892{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203899Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:37.892{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203898Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:37.892{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203897Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:37.892{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203832Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:36.872{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203831Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:36.872{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203830Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:36.872{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203829Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:36.872{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203828Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:36.872{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203827Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:36.872{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203826Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:36.872{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203825Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:36.872{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203824Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:36.872{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203700Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:35.860{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203698Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:35.859{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203697Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:35.859{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203696Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:35.857{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203695Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:35.856{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203694Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:35.855{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203693Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:35.855{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203692Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:35.854{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203691Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:35.853{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203632Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:34.835{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203631Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:34.835{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203630Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:34.835{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203629Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:34.835{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203628Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:34.835{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203627Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:34.835{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203626Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:34.835{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203625Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:34.835{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203624Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:34.835{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203564Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:33.822{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203563Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:33.822{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203562Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:33.822{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203561Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:33.822{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203560Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:33.822{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203559Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:33.822{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203558Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:33.822{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203557Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:33.822{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203556Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:33.822{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203483Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:32.809{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203482Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:32.809{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203481Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:32.809{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203480Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:32.809{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203479Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:32.809{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203478Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:32.809{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203477Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:32.809{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203476Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:32.809{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203475Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:32.809{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203414Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:31.784{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203413Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:31.784{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203412Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:31.784{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203411Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:31.784{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203410Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:31.784{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203409Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:31.784{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203408Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:31.784{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203407Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:31.784{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203406Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:31.784{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203341Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:30.772{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203340Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:30.772{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203339Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:30.772{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203338Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:30.772{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203337Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:30.772{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203336Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:30.772{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203335Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:30.772{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203334Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:30.772{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203333Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:30.772{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203274Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:29.749{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203273Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:29.749{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203272Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:29.749{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203271Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:29.749{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203270Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:29.749{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203269Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:29.749{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203268Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:29.749{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203267Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:29.749{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203266Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:29.749{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203208Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:28.728{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203207Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:28.728{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203206Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:28.728{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203205Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:28.728{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203204Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:28.728{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203203Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:28.728{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203202Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:28.728{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203201Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:28.728{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203200Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:28.728{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203142Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:27.705{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203141Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:27.705{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203140Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:27.705{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203139Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:27.705{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203138Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:27.705{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203137Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:27.705{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203136Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:27.705{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203135Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:27.705{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203134Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:27.705{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203078Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:26.685{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203077Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:26.685{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203076Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:26.685{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203075Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:26.685{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203074Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:26.685{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203073Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:26.685{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203072Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:26.685{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203071Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:26.685{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203070Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:26.685{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203012Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:25.667{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203011Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:25.667{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203010Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:25.667{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203009Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:25.667{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203008Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:25.667{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203007Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:25.667{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203006Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:25.667{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203005Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:25.667{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000203004Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:25.667{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202946Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:24.648{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202945Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:24.648{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202944Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:24.648{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202943Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:24.648{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202942Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:24.648{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202941Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:24.648{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202940Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:24.648{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202939Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:24.648{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202938Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:24.648{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202881Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:23.625{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202880Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:23.625{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202879Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:23.625{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202878Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:23.625{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202877Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:23.625{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202876Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:23.625{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202875Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:23.625{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202874Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:23.625{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202873Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:23.625{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202814Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:22.603{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202813Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:22.603{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202812Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:22.603{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202811Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:22.603{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202810Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:22.603{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202809Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:22.603{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202808Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:22.603{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202807Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:22.603{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202806Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:22.603{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202748Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:21.578{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202747Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:21.578{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202746Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:21.578{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202745Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:21.578{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202744Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:21.578{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202743Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:21.578{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202742Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:21.578{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202741Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:21.578{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202740Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:21.578{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202680Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:20.565{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202679Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:20.565{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202678Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:20.565{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202677Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:20.565{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202676Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:20.565{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202675Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:20.565{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202674Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:20.565{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202673Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:20.565{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202672Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:20.565{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202614Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:19.552{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202613Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:19.552{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202612Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:19.552{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202611Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:19.552{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202610Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:19.552{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202609Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:19.552{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202608Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:19.552{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202607Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:19.552{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202606Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:19.552{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202476Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:18.523{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202475Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:18.508{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202474Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:18.508{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202473Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:18.508{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202472Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:18.508{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202471Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:18.508{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202470Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:18.508{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202469Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:18.508{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202468Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:18.508{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202400Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:17.484{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202399Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:17.484{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202398Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:17.484{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202397Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:17.484{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202396Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:17.484{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202395Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:17.484{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202394Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:17.484{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202393Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:17.484{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202392Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:17.484{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202278Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:16.468{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202277Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:16.468{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202276Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:16.468{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202275Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:16.468{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202274Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:16.468{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202273Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:16.468{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202272Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:16.468{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202271Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:16.468{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202270Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:16.468{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202084Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:15.444{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202083Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:15.444{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202082Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:15.444{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202081Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:15.444{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202080Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:15.444{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202079Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:15.444{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202078Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:15.444{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202077Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:15.444{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202076Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:15.444{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202020Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:14.425{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202019Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:14.425{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202018Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:14.425{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202017Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:14.425{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202016Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:14.425{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202015Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:14.425{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202014Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:14.425{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202013Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:14.425{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000202012Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:14.425{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201884Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:13.408{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201883Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:13.408{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201882Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:13.408{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201881Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:13.408{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201880Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:13.408{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201879Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:13.408{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201878Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:13.408{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201877Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:13.408{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201876Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:13.408{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201765Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:12.395{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201764Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:12.380{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201763Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:12.380{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201762Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:12.380{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201761Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:12.380{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201760Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:12.380{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201759Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:12.380{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201758Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:12.380{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201757Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:12.380{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201642Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:11.365{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201641Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:11.365{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201640Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:11.365{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201639Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:11.365{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201638Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:11.365{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201637Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:11.365{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201636Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:11.365{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201635Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:11.365{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201634Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:11.365{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201576Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:10.337{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201575Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:10.337{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201574Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:10.337{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201573Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:10.337{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201572Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:10.337{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201571Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:10.337{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201570Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:10.337{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201569Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:10.337{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201568Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:10.337{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201510Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:09.316{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201509Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:09.316{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201508Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:09.316{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201507Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:09.316{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201506Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:09.316{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201505Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:09.316{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201504Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:09.316{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201503Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:09.316{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201502Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:09.316{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201443Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:08.305{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201442Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:08.295{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201441Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:08.295{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201440Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:08.295{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201439Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:08.295{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201438Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:08.295{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201437Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:08.295{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201436Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:08.295{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201435Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:08.295{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201377Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:07.281{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201376Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:07.265{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201375Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:07.265{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201374Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:07.265{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201373Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:07.265{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201372Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:07.265{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201371Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:07.265{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201370Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:07.265{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201369Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:07.265{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201309Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:06.243{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201308Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:06.243{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201307Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:06.243{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201306Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:06.243{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201305Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:06.243{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201304Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:06.243{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201303Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:06.243{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201302Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:06.243{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201301Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:06.243{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201243Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:05.238{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201242Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:05.223{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201241Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:05.223{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201240Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:05.223{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201239Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:05.223{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201238Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:05.223{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201237Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:05.223{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201236Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:05.223{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201235Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:05.223{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201176Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:04.210{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201175Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:04.209{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201174Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:04.209{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201173Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:04.209{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201172Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:04.208{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201171Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:04.208{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201170Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:04.208{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201169Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:04.207{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201168Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:04.207{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201112Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:03.188{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201111Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:03.188{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201110Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:03.188{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201109Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:03.188{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201108Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:03.188{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201107Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:03.188{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201106Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:03.188{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201105Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:03.172{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201104Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:03.172{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201044Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:02.164{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201043Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:02.148{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201042Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:02.148{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201041Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:02.148{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201040Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:02.148{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201039Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:02.148{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201038Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:02.148{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201037Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:02.148{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000201036Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:02.148{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200978Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:01.126{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200977Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:01.126{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200976Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:01.126{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200975Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:01.126{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200974Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:01.126{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200973Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:01.126{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200972Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:01.126{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200971Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:01.126{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200970Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:01.126{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200913Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:00.109{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200912Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:00.109{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200911Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:00.109{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200910Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:00.109{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200909Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:00.109{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200908Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:00.109{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200907Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:00.109{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200906Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:00.109{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200905Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:24:00.109{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200792Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:59.096{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200791Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:59.080{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200790Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:59.080{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200789Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:59.080{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200788Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:59.080{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200787Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:59.080{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200786Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:59.080{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200785Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:59.080{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200784Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:59.080{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200722Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:58.064{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200721Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:58.064{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200720Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:58.064{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200719Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:58.064{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200718Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:58.064{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200717Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:58.064{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200716Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:58.064{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200715Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:58.064{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200714Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:58.064{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200656Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:57.039{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200655Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:57.039{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200654Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:57.039{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200653Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:57.039{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200652Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:57.039{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200651Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:57.039{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200650Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:57.039{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200649Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:57.039{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200648Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:57.039{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200584Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:56.023{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200583Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:56.022{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200582Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:56.022{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200581Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:56.022{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200580Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:56.021{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200579Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:56.021{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200578Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:56.021{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200577Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:56.020{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200576Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:56.019{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200497Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:55.010{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200496Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:54.994{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200495Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:54.994{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200494Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:54.994{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200493Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:54.994{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200492Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:54.994{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200491Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:54.994{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200490Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:54.994{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200489Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:54.994{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200431Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:53.981{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200430Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:53.981{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200429Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:53.981{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200428Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:53.981{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200427Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:53.981{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200426Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:53.981{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200425Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:53.981{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200424Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:53.981{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200423Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:53.981{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200367Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:52.968{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200366Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:52.968{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200365Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:52.968{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200364Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:52.968{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200363Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:52.968{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200362Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:52.968{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200361Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:52.968{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200360Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:52.968{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200359Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:52.968{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200301Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:51.936{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200300Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:51.936{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200299Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:51.936{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200298Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:51.936{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200297Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:51.936{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200296Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:51.936{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200295Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:51.936{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200294Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:51.936{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200293Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:51.936{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200235Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:50.933{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200234Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:50.917{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200233Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:50.917{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200232Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:50.917{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200231Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:50.917{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200230Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:50.917{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200229Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:50.917{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200228Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:50.917{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200227Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:50.917{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200168Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:49.896{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200167Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:49.896{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200166Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:49.896{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200165Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:49.896{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200164Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:49.896{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200163Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:49.896{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200162Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:49.896{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200161Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:49.896{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200160Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:49.896{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200103Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:48.881{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200102Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:48.881{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200101Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:48.881{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200100Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:48.881{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200099Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:48.865{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200098Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:48.865{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200097Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:48.865{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200096Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:48.865{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200095Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:48.865{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200036Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:47.847{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200035Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:47.847{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200034Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:47.847{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200033Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:47.847{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200032Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:47.847{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200031Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:47.847{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200030Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:47.847{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200029Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:47.847{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000200028Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:47.847{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199972Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:46.820{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199971Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:46.820{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199970Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:46.820{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199969Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:46.820{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199968Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:46.820{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199967Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:46.820{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199966Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:46.820{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199965Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:46.820{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199964Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:46.820{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199908Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:45.818{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199907Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:45.817{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199906Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:45.816{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199905Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:45.816{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199904Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:45.816{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199903Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:45.816{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199902Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:45.815{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199901Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:45.815{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199900Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:45.814{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199844Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:44.789{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199843Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:44.789{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199842Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:44.789{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199841Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:44.789{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199840Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:44.789{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199839Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:44.789{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199838Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:44.789{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199837Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:44.789{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199836Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:44.789{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199726Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:43.762{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199725Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:43.762{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199724Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:43.762{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199723Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:43.762{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199722Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:43.762{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199721Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:43.762{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199720Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:43.762{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199719Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:43.762{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199718Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:43.762{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199660Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:42.736{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199659Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:42.736{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199658Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:42.736{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199657Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:42.736{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199656Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:42.736{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199655Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:42.736{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199654Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:42.736{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199653Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:42.736{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199652Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:42.736{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199591Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:41.692{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199590Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:41.692{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199589Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:41.692{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199588Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:41.692{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199587Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:41.692{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199586Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:41.692{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199585Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:41.692{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199584Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:41.692{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199583Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:41.692{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199525Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:40.687{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199524Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:40.671{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199523Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:40.671{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199522Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:40.671{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199521Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:40.671{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199520Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:40.671{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199519Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:40.671{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199518Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:40.671{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199517Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:40.671{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199459Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:39.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199458Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:39.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199457Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:39.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199456Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:39.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199455Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:39.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199454Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:39.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199453Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:39.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199452Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:39.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199451Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:39.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199373Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:38.623{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199372Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:38.623{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199371Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:38.623{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199370Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:38.623{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199369Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:38.623{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199368Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:38.623{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199367Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:38.623{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199366Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:38.623{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199365Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:38.623{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199304Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:37.599{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199303Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:37.599{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199302Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:37.599{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199301Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:37.599{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199300Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:37.599{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199299Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:37.599{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199298Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:37.583{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199297Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:37.583{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199296Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:37.583{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199240Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:36.561{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199239Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:36.561{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199238Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:36.561{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199237Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:36.561{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199236Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:36.561{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199235Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:36.561{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199234Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:36.561{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199233Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:36.561{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199232Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:36.561{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199146Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:35.540{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199145Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:35.540{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199144Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:35.540{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199143Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:35.540{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199142Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:35.540{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199141Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:35.540{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199140Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:35.540{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199139Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:35.540{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199138Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:35.540{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199080Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:34.521{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199079Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:34.521{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199078Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:34.521{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199077Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:34.521{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199076Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:34.521{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199075Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:34.521{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199074Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:34.521{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199073Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:34.521{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199072Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:34.521{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199013Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:33.503{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199012Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:33.503{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199011Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:33.503{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199010Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:33.503{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199009Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:33.503{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199008Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:33.503{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199007Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:33.503{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199006Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:33.503{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000199005Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:33.503{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198949Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:32.485{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198948Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:32.485{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198947Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:32.485{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198946Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:32.485{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198945Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:32.485{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198944Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:32.485{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198943Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:32.485{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198942Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:32.485{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198941Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:32.485{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198883Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:31.454{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198882Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:31.454{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198881Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:31.454{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198880Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:31.454{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198879Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:31.454{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198878Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:31.454{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198877Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:31.454{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198876Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:31.454{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198875Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:31.454{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198819Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:30.440{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198818Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:30.440{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198817Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:30.440{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198816Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:30.440{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198815Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:30.440{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198814Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:30.440{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198813Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:30.440{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198812Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:30.440{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198811Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:30.440{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198753Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:29.417{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198752Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:29.417{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198751Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:29.417{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198750Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:29.417{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198749Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:29.417{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198748Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:29.417{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198747Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:29.417{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198746Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:29.417{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198745Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:29.417{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198686Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:28.401{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198685Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:28.401{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198684Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:28.401{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198683Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:28.401{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198682Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:28.401{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198681Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:28.401{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198680Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:28.401{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198679Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:28.401{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198678Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:28.401{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198620Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:27.382{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198619Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:27.382{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198618Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:27.382{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198617Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:27.382{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198616Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:27.382{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198615Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:27.382{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198614Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:27.382{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198613Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:27.382{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198612Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:27.382{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198554Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:26.364{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198553Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:26.364{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198552Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:26.364{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198551Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:26.364{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198550Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:26.364{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198549Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:26.364{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198548Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:26.364{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198547Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:26.364{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198546Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:26.364{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198488Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:25.351{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198487Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:25.351{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198486Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:25.351{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198485Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:25.351{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198484Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:25.351{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198483Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:25.351{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198482Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:25.351{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198481Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:25.351{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198480Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:25.351{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198422Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:24.333{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198421Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:24.333{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198420Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:24.333{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198419Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:24.333{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198418Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:24.333{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198417Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:24.333{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198416Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:24.333{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198415Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:24.333{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198414Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:24.333{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198356Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:23.312{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198355Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:23.312{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198354Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:23.312{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198353Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:23.312{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198352Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:23.312{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198351Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:23.312{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198350Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:23.312{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198349Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:23.312{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198348Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:23.312{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198290Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:22.283{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198289Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:22.283{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198288Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:22.283{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198287Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:22.283{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198286Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:22.283{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198285Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:22.283{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198284Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:22.283{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198283Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:22.283{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198282Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:22.283{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198224Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:21.259{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198223Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:21.259{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198222Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:21.259{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198221Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:21.259{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198220Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:21.259{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198219Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:21.259{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198218Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:21.259{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198217Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:21.259{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198216Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:21.259{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198156Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:20.242{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198155Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:20.242{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198154Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:20.242{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198153Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:20.242{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198152Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:20.242{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198151Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:20.242{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198150Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:20.242{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198149Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:20.242{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198148Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:20.242{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198034Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:19.238{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198033Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:19.236{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198032Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:19.236{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198031Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:19.236{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198030Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:19.235{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198029Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:19.235{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198028Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:19.235{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198027Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:19.234{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000198026Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:19.234{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197939Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:18.220{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197938Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:18.220{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197937Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:18.220{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197936Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:18.220{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197935Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:18.220{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197934Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:18.220{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197933Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:18.220{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197932Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:18.220{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197931Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:18.211{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197872Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:17.192{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197871Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:17.192{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197870Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:17.192{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197869Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:17.192{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197868Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:17.192{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197867Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:17.192{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197866Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:17.192{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197865Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:17.192{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197864Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:17.192{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197687Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:16.177{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197686Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:16.176{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197685Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:16.175{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197684Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:16.173{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197683Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:16.172{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197682Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:16.172{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197681Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:16.171{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197680Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:16.171{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197679Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:16.170{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197545Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:15.143{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197544Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:15.143{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197543Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:15.143{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197542Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:15.143{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197541Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:15.143{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197540Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:15.143{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197539Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:15.143{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197538Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:15.143{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197537Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:15.143{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197477Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:14.130{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197476Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:14.130{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197475Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:14.130{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197474Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:14.130{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197473Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:14.130{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197472Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:14.130{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197471Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:14.130{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197470Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:14.130{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197469Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:14.130{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197353Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:13.116{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197352Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:13.116{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197351Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:13.116{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197350Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:13.116{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197349Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:13.116{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197348Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:13.116{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197347Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:13.116{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197346Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:13.116{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197345Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:13.116{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197182Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:12.092{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197181Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:12.092{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197180Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:12.092{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197179Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:12.092{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197178Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:12.092{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197177Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:12.092{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197176Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:12.092{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197175Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:12.092{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197174Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:12.092{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197112Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:11.070{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197111Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:11.070{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197110Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:11.070{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197109Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:11.070{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197108Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:11.070{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197107Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:11.070{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197106Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:11.070{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197105Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:11.070{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197104Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:11.070{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197046Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:10.051{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197045Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:10.051{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197044Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:10.051{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197043Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:10.051{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197042Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:10.051{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197041Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:10.051{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197040Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:10.051{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197039Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:10.051{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000197038Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:10.051{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196980Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:09.027{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196979Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:09.027{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196978Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:09.027{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196977Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:09.027{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196976Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:09.027{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196975Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:09.027{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196974Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:09.027{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196973Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:09.027{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196972Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:09.027{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196913Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:08.009{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196912Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:08.009{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196911Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:08.009{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196910Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:08.009{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196909Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:08.009{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196908Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:08.009{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196907Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:08.009{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196906Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:08.009{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196905Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:08.009{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196847Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:06.993{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196846Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:06.993{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196845Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:06.993{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196844Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:06.993{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196843Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:06.993{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196842Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:06.993{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196841Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:06.993{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196840Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:06.993{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196839Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:06.993{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196780Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:05.981{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196779Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:05.981{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196778Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:05.981{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196777Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:05.981{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196776Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:05.981{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196775Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:05.981{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196774Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:05.981{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196773Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:05.981{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196772Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:05.981{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196714Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:04.956{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196713Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:04.956{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196712Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:04.956{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196711Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:04.956{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196710Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:04.956{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196709Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:04.956{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196708Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:04.956{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196707Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:04.956{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196706Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:04.956{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196648Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:03.948{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196647Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:03.932{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196646Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:03.932{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196645Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:03.932{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196644Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:03.932{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196643Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:03.932{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196642Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:03.932{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196641Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:03.932{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196640Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:03.932{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196582Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:02.908{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196581Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:02.908{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196580Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:02.908{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196579Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:02.908{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196578Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:02.908{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196577Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:02.908{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196576Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:02.908{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196575Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:02.908{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196574Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:02.908{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196516Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:01.887{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196515Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:01.887{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196514Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:01.887{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196513Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:01.887{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196512Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:01.887{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196511Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:01.887{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196510Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:01.887{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196509Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:01.887{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196508Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:01.887{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196453Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:00.861{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196452Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:00.861{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196451Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:00.861{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196450Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:00.861{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196449Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:00.861{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196448Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:00.861{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196447Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:00.861{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196446Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:00.861{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196445Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:23:00.861{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196387Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:59.835{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196386Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:59.835{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196385Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:59.835{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196384Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:59.835{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196383Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:59.835{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196382Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:59.835{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196381Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:59.835{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196380Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:59.835{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196379Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:59.835{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196300Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:58.821{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196299Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:58.821{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196298Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:58.821{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196297Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:58.821{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196296Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:58.821{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196295Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:58.821{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196294Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:58.821{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196293Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:58.821{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196292Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:58.821{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196234Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:57.796{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196233Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:57.796{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196232Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:57.796{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196231Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:57.796{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196230Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:57.796{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196229Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:57.796{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196228Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:57.796{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196227Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:57.796{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196226Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:57.796{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196170Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:56.786{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196169Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:56.786{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196168Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:56.786{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196167Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:56.786{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196166Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:56.786{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196165Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:56.786{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196164Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:56.786{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196163Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:56.786{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196162Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:56.786{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196076Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:55.778{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196075Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:55.775{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196074Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:55.775{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196073Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:55.775{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196072Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:55.760{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196071Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:55.760{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196070Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:55.760{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196069Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:55.760{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196068Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:55.760{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196009Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:54.735{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196008Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:54.735{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196007Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:54.735{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196006Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:54.735{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196005Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:54.735{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196004Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:54.735{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196003Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:54.735{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196002Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:54.735{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000196001Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:54.735{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195943Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:53.709{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195942Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:53.709{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195941Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:53.709{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195940Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:53.709{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195939Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:53.709{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195938Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:53.709{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195937Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:53.709{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195936Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:53.709{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195935Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:53.709{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195877Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:52.704{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195876Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:52.689{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195875Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:52.689{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195874Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:52.689{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195873Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:52.689{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195872Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:52.689{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195871Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:52.689{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195870Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:52.689{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195869Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:52.689{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195811Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:51.674{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195810Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:51.674{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195809Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:51.674{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195808Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:51.674{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195807Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:51.674{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195806Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:51.674{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195805Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:51.674{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195804Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:51.674{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195803Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:51.674{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195745Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:50.646{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195744Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:50.646{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195743Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:50.646{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195742Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:50.646{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195741Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:50.646{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195740Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:50.646{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195739Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:50.646{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195738Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:50.646{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195737Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:50.646{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195679Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:49.629{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195678Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:49.629{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195677Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:49.629{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195676Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:49.629{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195675Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:49.629{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195674Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:49.629{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195673Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:49.629{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195672Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:49.629{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195671Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:49.629{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195612Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:48.606{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195611Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:48.606{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195610Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:48.606{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195609Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:48.606{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195608Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:48.606{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195607Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:48.606{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195606Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:48.606{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195605Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:48.606{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195604Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:48.606{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195545Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:47.588{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195544Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:47.588{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195543Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:47.588{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195542Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:47.588{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195541Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:47.572{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195540Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:47.572{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195539Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:47.572{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195538Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:47.572{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195537Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:47.572{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195476Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:46.549{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195475Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:46.549{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195474Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:46.549{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195473Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:46.549{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195472Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:46.549{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195471Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:46.549{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195470Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:46.549{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195469Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:46.549{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195468Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:46.549{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195410Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:45.532{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195409Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:45.532{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195408Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:45.532{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195407Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:45.532{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195406Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:45.532{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195405Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:45.532{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195404Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:45.532{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195403Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:45.532{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195402Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:45.532{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195346Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:44.515{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195345Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:44.515{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195344Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:44.515{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195343Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:44.515{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195342Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:44.515{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195341Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:44.515{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195340Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:44.515{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195339Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:44.515{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195338Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:44.515{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195282Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:43.493{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195281Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:43.493{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195280Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:43.493{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195279Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:43.493{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195278Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:43.493{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195277Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:43.493{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195276Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:43.493{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195275Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:43.493{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195274Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:43.493{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195215Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:42.473{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195214Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:42.473{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195213Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:42.473{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195212Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:42.473{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195211Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:42.473{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195210Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:42.473{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195209Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:42.473{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195208Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:42.473{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195207Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:42.473{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195147Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:41.446{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195146Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:41.446{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195145Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:41.446{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195144Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:41.446{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195143Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:41.446{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195142Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:41.446{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195141Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:41.446{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195140Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:41.446{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195139Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:41.446{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195080Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:40.434{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195079Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:40.434{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195078Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:40.434{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195077Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:40.434{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195076Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:40.434{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195075Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:40.434{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195074Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:40.434{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195073Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:40.434{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195072Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:40.434{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195014Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:39.414{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195013Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:39.414{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195012Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:39.414{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195011Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:39.414{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195010Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:39.414{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195009Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:39.414{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195008Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:39.414{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195007Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:39.414{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000195006Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:39.414{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194929Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:38.400{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194928Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:38.400{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194927Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:38.400{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194926Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:38.400{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194925Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:38.400{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194924Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:38.400{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194923Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:38.400{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194922Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:38.400{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194921Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:38.400{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194860Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:37.393{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194859Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:37.393{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194858Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:37.393{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194857Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:37.393{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194856Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:37.393{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194855Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:37.393{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194854Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:37.393{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194853Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:37.378{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194852Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:37.378{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194793Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:36.361{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194792Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:36.361{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194791Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:36.361{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194790Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:36.361{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194789Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:36.361{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194788Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:36.361{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194787Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:36.361{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194786Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:36.361{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194785Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:36.361{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194701Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:35.327{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194700Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:35.327{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194699Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:35.327{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194698Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:35.327{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194697Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:35.327{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194696Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:35.327{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194695Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:35.327{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194694Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:35.327{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194693Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:35.327{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194637Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:34.309{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194636Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:34.309{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194635Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:34.309{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194634Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:34.309{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194633Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:34.309{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194632Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:34.309{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194631Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:34.309{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194630Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:34.309{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194629Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:34.309{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194573Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:33.293{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194572Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:33.293{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194571Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:33.293{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194570Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:33.293{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194569Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:33.293{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194568Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:33.293{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194567Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:33.293{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194566Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:33.293{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194565Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:33.293{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194509Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:32.284{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194508Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:32.282{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194507Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:32.282{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194506Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:32.282{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194505Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:32.282{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194504Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:32.282{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194503Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:32.281{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194502Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:32.281{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194501Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:32.278{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194444Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:31.259{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194443Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:31.255{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194442Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:31.255{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194441Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:31.255{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194440Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:31.254{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194439Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:31.254{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194438Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:31.254{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194435Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:31.253{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194425Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:31.253{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194327Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:30.234{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194326Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:30.223{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194325Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:30.223{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194324Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:30.223{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194323Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:30.223{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194322Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:30.223{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194321Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:30.223{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194320Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:30.223{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194319Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:30.223{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194261Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:29.211{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194260Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:29.210{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194259Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:29.209{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194258Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:29.209{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194257Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:29.209{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194256Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:29.209{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194255Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:29.209{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194254Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:29.208{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194253Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:29.208{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194195Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:28.193{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194194Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:28.193{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194193Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:28.193{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194192Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:28.193{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194191Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:28.193{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194190Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:28.193{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194189Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:28.193{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194188Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:28.193{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194187Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:28.193{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194131Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:27.176{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194130Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:27.176{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194129Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:27.176{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194128Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:27.176{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194127Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:27.176{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194126Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:27.176{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194125Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:27.176{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194124Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:27.176{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194123Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:27.176{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194067Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:26.152{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194066Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:26.152{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194065Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:26.152{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194064Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:26.152{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194063Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:26.152{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194062Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:26.152{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194061Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:26.152{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194060Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:26.152{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194059Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:26.152{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000194000Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:25.140{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193999Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:25.125{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193998Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:25.125{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193997Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:25.125{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193996Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:25.125{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193995Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:25.125{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193994Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:25.125{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193993Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:25.125{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193992Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:25.125{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193934Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:24.110{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193933Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:24.094{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193932Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:24.094{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193931Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:24.094{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193930Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:24.094{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193929Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:24.094{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193928Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:24.094{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193927Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:24.094{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193926Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:24.094{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193868Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:23.073{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193867Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:23.073{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193866Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:23.073{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193865Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:23.073{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193864Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:23.073{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193863Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:23.073{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193862Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:23.073{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193861Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:23.073{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193860Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:23.073{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193801Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:22.050{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193800Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:22.050{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193799Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:22.050{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193798Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:22.050{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193797Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:22.050{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193796Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:22.050{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193795Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:22.050{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193794Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:22.050{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193793Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:22.050{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193735Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:21.027{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193734Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:21.027{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193733Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:21.027{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193732Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:21.027{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193731Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:21.027{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193730Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:21.027{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193729Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:21.027{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193728Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:21.027{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193727Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:21.027{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193666Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:20.010{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193665Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:20.010{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193664Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:20.010{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193663Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:20.010{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193662Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:20.010{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193661Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:20.010{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193660Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:20.010{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193659Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:20.010{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193658Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:20.010{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193547Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:18.998{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193546Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:18.998{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193545Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:18.998{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193544Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:18.998{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193543Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:18.998{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193542Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:18.998{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193541Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:18.998{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193540Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:18.998{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193539Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:18.998{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193450Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:17.981{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193449Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:17.981{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193448Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:17.981{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193447Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:17.981{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193446Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:17.981{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193445Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:17.981{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193444Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:17.981{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193443Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:17.981{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193442Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:17.981{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193362Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:16.966{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193351Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:16.966{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193349Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:16.966{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193348Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:16.966{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193343Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:16.966{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193338Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:16.966{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193337Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:16.966{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193335Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:16.966{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193334Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:16.966{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193199Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:15.961{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193198Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:15.960{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193197Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:15.959{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193196Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:15.959{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193195Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:15.959{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193193Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:15.959{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193192Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:15.958{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193191Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:15.958{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193190Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:15.957{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193066Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:14.937{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193065Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:14.937{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193064Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:14.937{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193063Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:14.937{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193062Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:14.937{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193061Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:14.937{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193060Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:14.937{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193059Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:14.937{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000193058Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:14.937{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192996Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:13.914{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192995Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:13.914{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192994Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:13.914{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192993Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:13.914{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192992Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:13.914{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192991Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:13.914{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192990Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:13.914{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192989Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:13.914{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192988Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:13.914{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192814Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:12.892{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192813Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:12.892{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192812Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:12.892{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192811Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:12.892{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192810Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:12.892{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192809Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:12.892{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192808Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:12.892{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192807Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:12.892{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192806Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:12.892{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192681Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:11.866{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192680Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:11.866{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192679Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:11.866{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192678Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:11.866{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192677Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:11.866{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192676Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:11.866{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192675Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:11.866{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192674Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:11.866{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192673Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:11.866{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192615Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:10.840{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192614Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:10.840{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192613Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:10.840{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192612Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:10.840{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192611Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:10.840{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192610Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:10.840{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192609Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:10.840{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192608Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:10.840{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192607Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:10.840{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192549Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:09.819{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192548Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:09.819{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192547Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:09.819{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192546Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:09.819{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192545Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:09.819{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192544Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:09.819{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192543Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:09.819{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192542Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:09.819{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192541Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:09.819{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192482Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:08.807{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192481Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:08.791{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192480Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:08.791{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192479Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:08.791{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192478Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:08.791{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192477Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:08.791{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192476Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:08.791{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192475Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:08.791{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192474Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:08.791{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192415Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:07.773{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192414Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:07.773{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192413Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:07.773{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192412Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:07.773{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192411Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:07.773{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192410Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:07.773{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192409Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:07.773{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192408Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:07.773{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192407Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:07.773{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192349Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:06.757{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192348Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:06.757{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192347Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:06.757{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192346Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:06.757{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192345Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:06.757{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192344Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:06.757{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192343Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:06.757{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192342Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:06.757{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192341Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:06.757{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192283Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:05.733{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192282Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:05.733{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192281Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:05.733{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192280Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:05.733{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192279Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:05.733{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192278Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:05.733{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192277Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:05.733{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192276Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:05.733{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192275Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:05.733{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192217Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:04.711{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192216Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:04.711{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192215Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:04.711{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192214Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:04.711{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192213Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:04.711{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192212Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:04.711{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192211Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:04.711{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192210Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:04.711{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192209Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:04.711{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192151Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:03.693{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192150Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:03.693{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192149Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:03.693{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192148Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:03.693{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192147Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:03.693{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192146Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:03.693{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192145Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:03.693{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192144Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:03.693{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192143Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:03.693{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192086Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:02.677{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192085Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:02.677{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192084Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:02.677{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192083Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:02.677{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192082Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:02.677{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192081Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:02.677{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192080Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:02.677{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192079Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:02.677{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192078Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:02.677{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192020Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:01.662{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192019Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:01.662{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192018Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:01.662{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192017Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:01.662{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192016Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:01.662{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192015Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:01.662{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192014Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:01.662{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192013Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:01.662{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000192012Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:01.662{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191954Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:00.640{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191953Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:00.640{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191952Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:00.640{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191951Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:00.640{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191950Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:00.640{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191949Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:00.640{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191948Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:00.640{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191947Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:00.640{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191946Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:22:00.640{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191887Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:59.626{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191886Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:59.610{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191885Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:59.610{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191884Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:59.610{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191883Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:59.610{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191882Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:59.610{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191881Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:59.610{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191880Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:59.610{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191879Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:59.610{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191802Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:58.593{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191801Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:58.593{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191800Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:58.593{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191799Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:58.593{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191798Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:58.593{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191797Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:58.593{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191796Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:58.593{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191795Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:58.593{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191794Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:58.593{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191730Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:57.572{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191729Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:57.572{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191728Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:57.572{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191727Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:57.572{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191726Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:57.572{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191725Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:57.572{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191724Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:57.572{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191723Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:57.572{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191722Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:57.572{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191668Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:56.552{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191667Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:56.552{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191666Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:56.552{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191665Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:56.552{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191664Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:56.552{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191663Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:56.552{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191662Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:56.552{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191661Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:56.552{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191660Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:56.552{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191576Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:55.533{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191575Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:55.533{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191574Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:55.533{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191573Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:55.533{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191572Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:55.533{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191571Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:55.533{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191570Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:55.533{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191569Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:55.533{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191568Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:55.533{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191508Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:54.518{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191507Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:54.518{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191506Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:54.518{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191505Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:54.518{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191504Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:54.518{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191503Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:54.518{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191502Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:54.518{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191501Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:54.518{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191500Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:54.518{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191442Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:53.505{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191441Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:53.505{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191440Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:53.505{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191439Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:53.505{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191438Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:53.489{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191437Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:53.489{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191436Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:53.489{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191435Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:53.489{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191434Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:53.489{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191375Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:52.477{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191374Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:52.477{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191373Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:52.477{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191372Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:52.477{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191371Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:52.477{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191370Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:52.477{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191369Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:52.477{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191368Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:52.477{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191367Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:52.477{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191309Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:51.471{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191308Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:51.456{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191307Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:51.456{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191306Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:51.456{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191305Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:51.456{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191304Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:51.456{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191303Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:51.456{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191302Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:51.456{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191301Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:51.456{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191245Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:50.442{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191244Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:50.442{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191243Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:50.442{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191242Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:50.442{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191241Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:50.442{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191240Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:50.442{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191239Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:50.442{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191238Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:50.442{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191237Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:50.442{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191181Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:49.426{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191180Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:49.426{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191179Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:49.426{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191178Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:49.426{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191177Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:49.426{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191176Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:49.426{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191175Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:49.426{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191174Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:49.426{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191173Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:49.426{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191113Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:48.415{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191112Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:48.415{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191111Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:48.415{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191110Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:48.415{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191109Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:48.415{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191108Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:48.415{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191107Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:48.415{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191106Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:48.415{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191105Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:48.415{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191047Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:47.397{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191046Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:47.397{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191045Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:47.397{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191044Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:47.397{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191043Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:47.397{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191042Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:47.397{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191041Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:47.397{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191040Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:47.397{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000191039Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:47.397{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190982Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:46.376{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190981Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:46.376{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190980Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:46.376{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190979Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:46.376{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190978Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:46.376{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190977Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:46.376{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190976Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:46.376{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190975Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:46.376{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190974Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:46.376{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190913Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:45.362{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190912Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:45.362{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190911Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:45.362{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190910Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:45.362{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190909Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:45.362{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190908Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:45.362{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190907Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:45.362{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190906Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:45.362{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190905Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:45.362{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190846Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:44.336{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190845Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:44.336{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190844Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:44.336{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190843Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:44.336{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190842Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:44.336{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190841Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:44.336{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190840Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:44.336{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190839Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:44.336{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190838Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:44.336{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190778Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:43.309{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190777Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:43.309{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190776Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:43.309{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190775Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:43.309{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190774Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:43.309{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190773Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:43.309{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190772Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:43.309{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190771Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:43.309{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190770Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:43.309{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190712Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:42.296{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190711Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:42.296{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190710Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:42.296{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190709Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:42.296{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190708Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:42.280{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190707Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:42.280{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190706Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:42.280{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190705Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:42.280{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190704Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:42.280{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190644Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:41.265{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190643Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:41.265{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190642Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:41.265{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190641Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:41.265{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190640Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:41.265{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190639Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:41.265{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190638Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:41.265{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190637Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:41.265{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190636Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:41.265{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190574Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:40.248{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190573Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:40.233{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190572Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:40.233{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190571Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:40.233{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190570Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:40.233{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190569Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:40.233{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190568Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:40.233{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190567Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:40.233{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190566Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:40.233{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190494Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:39.221{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190493Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:39.219{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190492Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:39.219{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190491Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:39.219{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190490Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:39.219{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190489Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:39.218{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190488Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:39.217{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190487Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:39.215{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190486Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:39.215{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190420Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:38.207{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190419Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:38.191{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190418Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:38.191{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190417Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:38.191{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190416Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:38.191{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190415Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:38.191{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190414Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:38.191{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190413Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:38.191{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190412Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:38.191{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190356Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:37.186{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190355Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:37.184{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190354Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:37.184{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190353Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:37.184{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190352Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:37.183{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190351Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:37.183{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190350Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:37.183{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190349Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:37.182{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190348Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:37.182{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190280Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:36.175{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190279Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:36.173{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190278Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:36.173{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190277Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:36.173{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190276Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:36.172{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190275Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:36.172{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190274Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:36.171{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190273Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:36.171{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190272Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:36.171{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190195Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:35.148{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190194Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:35.148{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190193Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:35.148{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190192Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:35.148{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190191Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:35.148{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190190Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:35.148{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190189Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:35.148{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190188Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:35.148{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190187Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:35.148{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190129Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:34.146{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190128Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:34.130{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190127Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:34.130{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190126Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:34.130{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190125Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:34.130{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190124Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:34.130{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190123Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:34.130{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190122Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:34.130{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190121Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:34.130{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190065Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:33.111{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190064Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:33.111{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190063Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:33.111{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190062Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:33.111{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190061Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:33.111{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190060Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:33.111{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190059Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:33.111{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190058Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:33.111{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000190057Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:33.111{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189999Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:32.099{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189998Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:32.084{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189997Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:32.084{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189996Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:32.084{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189995Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:32.084{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189994Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:32.084{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189993Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:32.084{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189992Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:32.084{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189991Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:32.084{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189935Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:31.057{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189934Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:31.057{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189933Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:31.057{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189932Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:31.057{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189931Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:31.057{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189930Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:31.057{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189929Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:31.057{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189928Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:31.057{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189927Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:31.057{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189868Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:30.031{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189867Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:30.031{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189866Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:30.031{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189865Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:30.031{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189864Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:30.031{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189863Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:30.031{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189862Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:30.031{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189861Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:30.031{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189860Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:30.031{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189802Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:29.009{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189801Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:29.009{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189800Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:29.009{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189799Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:29.009{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189798Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:29.009{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189797Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:29.009{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189796Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:29.009{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189795Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:29.009{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189794Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:29.009{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189736Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:27.989{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189735Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:27.989{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189734Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:27.989{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189733Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:27.989{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189732Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:27.989{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189731Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:27.989{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189730Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:27.989{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189729Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:27.989{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189728Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:27.989{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189664Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:26.961{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189663Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:26.961{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189662Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:26.961{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189661Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:26.961{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189660Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:26.961{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189659Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:26.961{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189658Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:26.961{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189657Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:26.961{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189656Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:26.961{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189598Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:25.938{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189597Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:25.938{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189596Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:25.938{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189595Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:25.938{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189594Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:25.938{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189593Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:25.938{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189592Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:25.938{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189591Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:25.938{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189590Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:25.938{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189532Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:24.896{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189531Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:24.896{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189530Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:24.896{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189529Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:24.896{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189528Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:24.896{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189527Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:24.896{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189526Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:24.896{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189525Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:24.896{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189524Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:24.896{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189468Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:23.864{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189467Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:23.864{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189466Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:23.864{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189465Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:23.864{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189464Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:23.864{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189463Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:23.864{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189462Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:23.864{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189461Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:23.864{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189460Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:23.864{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189384Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:22.853{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189366Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:22.853{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189361Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:22.853{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189360Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:22.853{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189354Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:22.853{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189350Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:22.853{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189346Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:22.853{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189343Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:22.853{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189342Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:22.837{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189283Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:21.816{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189282Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:21.816{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189281Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:21.816{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189280Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:21.816{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189279Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:21.816{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189278Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:21.816{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189277Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:21.816{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189276Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:21.816{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189275Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:21.816{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189219Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:20.789{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189218Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:20.789{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189217Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:20.789{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189216Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:20.789{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189215Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:20.789{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189214Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:20.789{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189213Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:20.789{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189212Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:20.789{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189211Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:20.789{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189153Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:19.771{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189152Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:19.771{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189151Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:19.771{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189150Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:19.771{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189149Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:19.771{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189148Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:19.771{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189147Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:19.771{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189146Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:19.771{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189145Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:19.771{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189014Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:18.747{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189013Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:18.747{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189012Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:18.747{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189011Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:18.747{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189010Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:18.747{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189009Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:18.747{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189008Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:18.747{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189007Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:18.747{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000189006Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:18.747{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188939Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:17.729{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188938Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:17.729{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188937Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:17.729{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188936Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:17.729{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188935Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:17.729{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188934Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:17.729{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188933Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:17.729{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188932Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:17.729{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188931Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:17.729{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188815Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:16.706{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188814Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:16.706{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188813Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:16.706{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188812Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:16.706{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188811Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:16.706{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188810Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:16.706{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188809Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:16.706{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188808Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:16.706{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188807Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:16.706{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188657Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:15.686{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188656Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:15.686{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188655Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:15.686{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188654Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:15.686{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188653Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:15.686{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188652Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:15.686{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188651Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:15.686{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188650Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:15.686{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188649Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:15.686{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188544Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:14.657{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188543Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:14.657{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188542Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:14.657{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188541Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:14.657{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188540Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:14.657{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188539Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:14.657{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188538Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:14.657{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188537Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:14.657{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188536Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:14.657{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188420Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:13.652{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188419Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:13.637{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188418Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:13.637{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188417Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:13.637{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188416Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:13.637{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188415Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:13.637{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188414Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:13.637{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188413Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:13.637{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188412Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:13.637{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188290Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:12.632{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188289Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:12.617{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188288Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:12.617{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188287Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:12.617{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188286Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:12.617{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188285Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:12.617{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188284Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:12.617{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188283Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:12.617{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188282Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:12.617{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188168Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:11.599{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188167Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:11.599{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188166Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:11.599{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188165Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:11.599{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188164Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:11.599{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188163Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:11.599{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188162Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:11.599{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188161Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:11.599{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188160Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:11.599{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188102Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:10.591{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188101Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:10.591{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188100Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:10.591{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188099Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:10.591{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188098Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:10.591{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188097Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:10.591{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188096Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:10.575{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188095Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:10.575{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188094Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:10.575{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188036Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:09.557{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188035Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:09.557{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188034Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:09.557{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188033Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:09.557{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188032Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:09.557{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188031Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:09.557{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188030Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:09.557{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188029Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:09.557{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000188028Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:09.557{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187970Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:08.532{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187969Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:08.532{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187968Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:08.532{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187967Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:08.532{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187966Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:08.532{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187965Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:08.532{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187964Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:08.532{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187963Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:08.532{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187962Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:08.532{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187902Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:07.521{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187901Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:07.521{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187900Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:07.521{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187899Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:07.521{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187898Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:07.521{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187897Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:07.521{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187896Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:07.521{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187895Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:07.521{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187894Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:07.521{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187836Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:06.509{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187835Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:06.509{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187834Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:06.509{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187833Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:06.509{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187832Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:06.509{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187831Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:06.509{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187830Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:06.509{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187829Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:06.509{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187828Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:06.509{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187768Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:05.485{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187767Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:05.485{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187766Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:05.485{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187765Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:05.485{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187764Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:05.485{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187763Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:05.485{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187762Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:05.485{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187761Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:05.485{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187760Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:05.485{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187704Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:04.468{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187703Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:04.468{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187702Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:04.468{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187701Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:04.468{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187700Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:04.468{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187699Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:04.468{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187698Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:04.468{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187697Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:04.468{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187696Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:04.468{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187637Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:03.456{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187636Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:03.456{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187635Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:03.456{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187634Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:03.456{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187633Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:03.456{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187632Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:03.456{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187631Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:03.456{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187630Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:03.456{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187629Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:03.456{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187571Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:02.429{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187570Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:02.429{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187569Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:02.429{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187568Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:02.429{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187567Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:02.429{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187566Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:02.429{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187565Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:02.429{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187564Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:02.429{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187563Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:02.429{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187507Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:01.414{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187506Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:01.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187505Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:01.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187504Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:01.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187503Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:01.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187502Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:01.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187501Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:01.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187500Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:01.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187499Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:01.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187441Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:00.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187440Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:00.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187439Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:00.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187438Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:00.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187437Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:00.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187436Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:00.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187435Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:00.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187434Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:00.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187433Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:21:00.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187344Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:59.357{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187343Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:59.357{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187342Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:59.357{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187341Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:59.357{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187340Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:59.357{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187339Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:59.357{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187338Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:59.357{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187337Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:59.357{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187336Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:59.357{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187252Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:58.345{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187251Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:58.345{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187250Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:58.345{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187249Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:58.345{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187248Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:58.345{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187247Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:58.345{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187246Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:58.345{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187245Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:58.345{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187244Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:58.345{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187185Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:57.321{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187184Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:57.321{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187183Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:57.321{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187182Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:57.321{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187181Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:57.321{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187180Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:57.321{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187179Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:57.321{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187178Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:57.321{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187177Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:57.321{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187113Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:56.317{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187112Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:56.316{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187111Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:56.316{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187110Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:56.315{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187109Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:56.314{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187108Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:56.314{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187107Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:56.314{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187106Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:56.314{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187105Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:56.313{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187029Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:55.298{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187028Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:55.298{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187027Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:55.298{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187026Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:55.298{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187025Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:55.298{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187024Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:55.298{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187023Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:55.298{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187022Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:55.298{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000187021Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:55.298{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186963Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:54.278{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186962Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:54.278{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186961Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:54.278{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186960Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:54.278{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186959Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:54.278{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186958Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:54.278{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186957Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:54.278{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186956Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:54.278{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186955Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:54.278{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186899Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:53.259{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186898Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:53.259{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186897Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:53.259{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186896Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:53.259{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186895Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:53.259{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186894Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:53.259{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186893Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:53.259{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186892Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:53.259{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186891Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:53.259{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186832Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:52.248{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186831Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:52.248{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186830Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:52.248{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186829Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:52.248{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186828Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:52.248{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186827Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:52.248{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186826Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:52.248{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186825Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:52.248{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186824Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:52.248{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186765Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:51.236{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186764Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:51.236{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186763Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:51.236{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186762Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:51.236{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186761Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:51.236{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186760Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:51.236{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186759Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:51.236{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186758Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:51.236{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186757Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:51.236{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186699Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:50.220{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186698Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:50.220{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186697Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:50.220{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186696Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:50.220{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186695Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:50.220{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186694Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:50.220{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186693Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:50.220{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186692Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:50.220{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186691Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:50.220{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186633Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:49.205{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186632Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:49.204{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186631Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:49.203{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186630Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:49.203{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186629Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:49.203{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186628Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:49.203{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186627Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:49.202{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186626Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:49.202{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186625Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:49.201{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186569Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:48.166{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186568Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:48.166{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186567Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:48.166{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186566Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:48.166{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186565Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:48.166{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186564Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:48.166{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186563Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:48.166{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186562Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:48.166{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186561Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:48.166{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186503Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:47.143{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186502Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:47.143{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186501Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:47.143{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186500Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:47.143{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186499Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:47.143{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186498Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:47.143{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186497Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:47.143{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186496Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:47.143{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186495Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:47.143{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186436Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:46.126{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186435Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:46.126{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186434Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:46.126{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186433Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:46.126{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186432Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:46.126{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186431Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:46.126{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186430Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:46.126{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186429Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:46.126{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186428Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:46.126{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186370Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:45.104{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186369Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:45.104{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186368Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:45.104{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186367Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:45.104{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186366Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:45.104{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186365Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:45.104{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186364Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:45.104{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186363Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:45.104{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186362Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:45.104{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186303Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:44.086{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186302Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:44.086{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186301Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:44.086{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186300Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:44.086{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186299Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:44.086{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186298Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:44.086{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186297Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:44.086{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186296Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:44.086{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186295Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:44.086{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186234Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:43.074{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186233Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:43.074{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186232Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:43.074{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186231Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:43.074{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186230Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:43.074{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186229Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:43.074{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186228Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:43.074{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186227Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:43.074{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186226Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:43.058{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186168Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:42.036{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186167Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:42.036{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186166Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:42.036{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186165Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:42.036{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186164Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:42.036{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186163Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:42.036{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186162Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:42.036{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186161Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:42.036{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186160Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:42.036{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186099Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:41.018{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186098Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:41.018{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186097Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:41.018{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186096Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:41.018{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186095Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:41.018{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186094Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:41.018{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186093Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:41.018{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186092Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:41.018{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186091Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:41.018{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186030Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:39.991{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186029Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:39.991{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186028Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:39.991{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186027Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:39.991{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186026Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:39.991{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186025Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:39.991{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186024Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:39.991{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186023Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:39.991{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000186022Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:39.991{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185945Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:38.987{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185944Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:38.987{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185943Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:38.987{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185942Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:38.972{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185941Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:38.972{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185940Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:38.972{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185939Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:38.972{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185938Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:38.972{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185937Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:38.972{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185880Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:37.952{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185879Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:37.952{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185878Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:37.952{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185877Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:37.952{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185876Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:37.952{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185875Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:37.952{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185874Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:37.952{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185873Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:37.952{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185872Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:37.952{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185814Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:36.927{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185813Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:36.927{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185812Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:36.927{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185811Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:36.927{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185810Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:36.927{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185809Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:36.927{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185808Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:36.927{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185807Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:36.927{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185806Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:36.927{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185729Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:35.912{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185728Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:35.911{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185727Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:35.910{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185726Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:35.910{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185725Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:35.910{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185724Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:35.910{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185723Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:35.909{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185722Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:35.909{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185721Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:35.908{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185656Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:34.877{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185655Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:34.877{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185654Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:34.877{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185653Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:34.877{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185652Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:34.877{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185651Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:34.877{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185650Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:34.877{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185649Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:34.877{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185648Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:34.877{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185589Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:33.849{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185588Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:33.849{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185587Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:33.849{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185586Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:33.849{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185585Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:33.849{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185584Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:33.849{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185583Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:33.849{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185582Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:33.849{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185581Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:33.849{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185523Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:32.831{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185522Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:32.831{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185521Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:32.831{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185520Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:32.831{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185519Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:32.831{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185518Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:32.831{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185517Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:32.831{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185516Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:32.831{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185515Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:32.831{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185457Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:31.802{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185456Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:31.802{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185455Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:31.802{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185454Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:31.802{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185453Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:31.802{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185452Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:31.802{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185451Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:31.802{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185450Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:31.802{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185449Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:31.802{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185391Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:30.781{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185390Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:30.781{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185389Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:30.781{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185388Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:30.781{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185387Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:30.781{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185386Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:30.781{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185385Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:30.781{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185384Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:30.781{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185383Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:30.781{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185325Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:29.758{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185324Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:29.758{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185323Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:29.758{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185322Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:29.758{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185321Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:29.758{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185320Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:29.758{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185319Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:29.758{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185318Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:29.758{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185317Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:29.758{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185258Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:28.742{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185257Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:28.742{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185256Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:28.742{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185255Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:28.742{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185254Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:28.742{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185253Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:28.742{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185252Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:28.742{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185251Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:28.742{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185250Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:28.742{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185192Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:27.730{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185191Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:27.730{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185190Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:27.730{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185189Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:27.730{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185188Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:27.730{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185187Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:27.730{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185186Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:27.730{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185185Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:27.730{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185184Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:27.730{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185126Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:26.717{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185125Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:26.717{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185124Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:26.717{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185123Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:26.717{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185122Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:26.717{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185121Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:26.717{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185120Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:26.717{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185119Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:26.717{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185118Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:26.717{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185060Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:25.702{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185059Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:25.702{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185058Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:25.702{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185057Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:25.702{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185056Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:25.702{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185055Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:25.702{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185054Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:25.702{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185053Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:25.702{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000185052Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:25.702{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184993Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:24.678{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184992Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:24.678{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184991Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:24.678{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184990Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:24.678{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184989Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:24.678{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184988Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:24.678{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184987Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:24.678{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184986Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:24.678{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184985Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:24.678{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184927Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:23.648{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184926Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:23.648{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184925Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:23.648{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184924Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:23.648{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184923Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:23.648{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184922Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:23.648{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184921Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:23.648{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184920Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:23.648{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184919Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:23.648{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184863Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:22.641{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184862Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:22.641{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184861Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:22.641{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184860Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:22.641{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184859Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:22.641{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184858Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:22.641{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184857Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:22.641{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184856Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:22.641{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184855Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:22.625{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184794Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:21.605{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184793Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:21.605{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184792Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:21.605{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184791Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:21.605{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184790Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:21.605{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184789Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:21.605{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184788Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:21.605{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184787Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:21.605{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184786Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:21.605{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184726Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:20.580{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184725Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:20.580{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184724Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:20.580{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184723Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:20.580{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184722Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:20.580{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184721Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:20.580{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184720Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:20.580{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184719Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:20.580{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184718Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:20.580{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184649Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:19.572{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184648Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:19.556{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184647Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:19.556{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184646Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:19.556{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184645Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:19.556{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184644Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:19.556{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184643Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:19.556{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184642Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:19.556{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184641Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:19.556{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184513Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:18.545{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184512Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:18.545{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184511Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:18.545{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184510Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:18.545{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184509Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:18.545{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184508Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:18.545{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184507Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:18.545{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184506Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:18.545{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184505Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:18.545{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184434Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:17.529{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184433Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:17.529{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184432Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:17.529{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184431Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:17.529{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184430Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:17.529{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184429Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:17.529{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184428Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:17.529{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184427Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:17.529{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184426Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:17.529{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184307Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:16.521{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184306Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:16.506{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184305Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:16.506{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184304Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:16.506{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184303Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:16.506{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184302Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:16.506{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184301Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:16.506{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184300Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:16.506{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184299Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:16.506{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184105Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:15.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184104Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:15.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184103Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:15.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184102Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:15.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184101Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:15.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184100Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:15.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184099Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:15.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184098Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:15.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184097Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:15.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184040Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:14.442{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184039Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:14.427{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184038Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:14.427{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184037Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:14.427{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184036Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:14.427{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184035Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:14.427{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184034Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:14.427{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184033Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:14.427{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000184032Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:14.427{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183910Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:13.407{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183909Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:13.407{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183908Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:13.407{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183907Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:13.407{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183906Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:13.407{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183905Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:13.407{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183904Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:13.407{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183903Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:13.407{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183902Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:13.407{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183724Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:12.389{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183723Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:12.389{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183722Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:12.389{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183721Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:12.389{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183720Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:12.389{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183719Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:12.389{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183718Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:12.389{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183717Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:12.389{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183716Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:12.389{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183608Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:11.372{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183607Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:11.372{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183606Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:11.357{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183605Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:11.357{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183604Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:11.357{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183603Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:11.357{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183602Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:11.357{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183601Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:11.357{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183600Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:11.357{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183541Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:10.317{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183540Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:10.317{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183539Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:10.317{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183538Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:10.317{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183537Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:10.317{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183536Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:10.317{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183535Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:10.317{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183534Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:10.317{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183533Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:10.317{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183474Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:09.289{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183473Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:09.289{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183472Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:09.289{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183471Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:09.289{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183470Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:09.289{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183469Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:09.289{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183468Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:09.289{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183467Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:09.289{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183466Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:09.289{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183406Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:08.270{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183405Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:08.270{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183404Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:08.270{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183403Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:08.270{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183402Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:08.270{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183401Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:08.270{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183400Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:08.270{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183399Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:08.270{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183398Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:08.270{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183338Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:07.250{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183337Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:07.250{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183336Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:07.250{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183335Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:07.250{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183334Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:07.250{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183333Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:07.250{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183332Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:07.250{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183331Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:07.250{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183330Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:07.250{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183271Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:06.239{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183270Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:06.239{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183269Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:06.239{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183268Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:06.239{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183267Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:06.239{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183266Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:06.239{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183265Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:06.239{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183264Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:06.239{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183263Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:06.239{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183206Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:05.223{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183205Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:05.223{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183204Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:05.223{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183203Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:05.223{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183202Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:05.223{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183201Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:05.223{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183200Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:05.223{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183199Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:05.223{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183198Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:05.223{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183139Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:04.210{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183138Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:04.210{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183137Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:04.210{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183136Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:04.209{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183135Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:04.209{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183134Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:04.209{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183133Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:04.208{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183132Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:04.208{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183131Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:04.208{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183072Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:03.196{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183071Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:03.196{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183070Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:03.196{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183069Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:03.196{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183068Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:03.195{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183067Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:03.195{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183066Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:03.195{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183065Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:03.179{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183064Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:03.179{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183005Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:02.162{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183004Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:02.162{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183003Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:02.162{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183002Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:02.162{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183001Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:02.162{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000183000Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:02.162{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182999Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:02.162{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182998Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:02.162{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182997Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:02.162{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182937Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:01.137{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182936Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:01.137{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182935Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:01.137{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182934Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:01.137{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182933Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:01.137{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182932Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:01.137{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182931Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:01.137{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182930Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:01.137{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182929Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:01.137{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182868Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:00.124{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182867Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:00.124{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182866Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:00.124{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182865Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:00.124{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182864Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:00.124{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182863Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:00.124{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182862Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:00.124{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182861Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:00.124{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182860Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:20:00.124{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182765Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:59.100{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182764Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:59.100{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182763Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:59.100{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182762Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:59.100{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182761Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:59.100{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182760Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:59.100{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182759Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:59.100{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182758Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:59.100{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182757Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:59.100{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182675Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:58.084{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182674Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:58.084{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182673Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:58.084{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182672Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:58.084{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182671Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:58.084{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182670Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:58.084{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182669Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:58.084{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182668Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:58.084{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182667Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:58.084{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182608Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:57.061{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182607Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:57.061{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182606Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:57.061{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182605Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:57.061{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182604Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:57.061{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182603Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:57.061{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182602Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:57.061{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182601Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:57.061{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182600Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:57.061{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182534Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:56.042{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182533Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:56.039{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182532Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:56.039{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182531Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:56.039{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182530Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:56.036{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182529Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:56.036{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182528Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:56.035{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182527Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:56.032{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182526Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:56.032{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182449Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:55.012{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182448Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:55.012{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182447Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:55.012{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182446Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:55.012{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182445Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:55.012{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182444Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:55.012{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182443Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:55.012{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182442Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:55.012{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182441Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:55.012{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182382Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:53.990{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182381Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:53.990{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182380Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:53.990{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182379Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:53.990{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182378Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:53.990{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182377Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:53.990{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182376Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:53.990{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182375Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:53.990{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182374Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:53.990{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182315Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:52.969{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182314Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:52.969{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182313Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:52.969{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182312Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:52.969{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182311Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:52.969{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182310Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:52.969{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182309Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:52.969{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182308Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:52.969{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182307Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:52.969{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182248Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:51.934{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182247Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:51.934{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182246Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:51.934{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182245Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:51.934{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182244Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:51.934{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182243Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:51.934{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182242Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:51.934{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182241Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:51.934{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182240Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:51.934{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182183Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:50.921{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182182Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:50.921{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182181Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:50.921{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182180Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:50.921{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182179Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:50.921{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182178Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:50.921{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182177Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:50.921{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182176Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:50.921{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182175Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:50.921{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182114Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:49.895{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182113Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:49.895{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182112Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:49.895{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182111Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:49.895{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182110Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:49.895{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182109Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:49.895{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182108Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:49.895{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182107Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:49.895{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182106Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:49.895{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182047Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:48.879{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182046Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:48.879{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182045Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:48.879{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182044Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:48.879{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182043Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:48.879{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182042Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:48.879{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182041Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:48.879{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182040Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:48.879{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000182039Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:48.879{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181980Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:47.854{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181979Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:47.854{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181978Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:47.854{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181977Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:47.854{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181976Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:47.854{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181975Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:47.854{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181974Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:47.854{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181973Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:47.854{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181972Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:47.854{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181913Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:46.836{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181912Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:46.836{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181911Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:46.836{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181910Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:46.836{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181909Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:46.836{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181908Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:46.836{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181907Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:46.836{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181906Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:46.836{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181905Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:46.836{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181846Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:45.818{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181845Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:45.818{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181844Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:45.818{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181843Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:45.818{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181842Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:45.818{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181841Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:45.818{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181840Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:45.818{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181839Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:45.818{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181838Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:45.818{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181781Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:44.799{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181780Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:44.799{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181779Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:44.799{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181778Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:44.799{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181777Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:44.799{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181776Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:44.799{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181775Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:44.799{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181774Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:44.799{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181773Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:44.799{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181713Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:43.780{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181712Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:43.780{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181711Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:43.780{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181710Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:43.780{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181709Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:43.780{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181708Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:43.780{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181707Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:43.780{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181706Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:43.780{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181705Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:43.780{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181645Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:42.762{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181644Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:42.762{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181643Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:42.762{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181642Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:42.762{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181641Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:42.762{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181640Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:42.762{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181639Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:42.762{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181638Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:42.762{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181637Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:42.762{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181572Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:41.741{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181571Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:41.741{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181570Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:41.741{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181569Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:41.741{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181568Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:41.741{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181567Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:41.741{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181566Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:41.741{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181565Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:41.741{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181564Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:41.741{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181505Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:40.727{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181504Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:40.727{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181503Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:40.727{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181502Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:40.727{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181501Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:40.727{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181500Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:40.727{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181499Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:40.727{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181498Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:40.727{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181497Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:40.727{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181440Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:39.707{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181439Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:39.707{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181438Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:39.707{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181437Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:39.707{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181436Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:39.707{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181435Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:39.707{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181434Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:39.707{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181433Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:39.707{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181432Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:39.707{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181350Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:38.695{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181349Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:38.695{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181348Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:38.695{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181347Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:38.695{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181346Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:38.695{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181345Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:38.695{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181344Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:38.695{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181343Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:38.695{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181342Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:38.695{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181282Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:37.682{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181281Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:37.682{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181280Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:37.682{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181279Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:37.682{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181278Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:37.682{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181277Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:37.682{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181276Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:37.682{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181275Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:37.682{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181274Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:37.682{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181213Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:36.661{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181212Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:36.661{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181211Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:36.661{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181210Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:36.661{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181209Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:36.661{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181208Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:36.661{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181207Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:36.661{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181206Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:36.661{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181205Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:36.661{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181124Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:35.649{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181123Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:35.649{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181122Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:35.649{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181121Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:35.649{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181120Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:35.649{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181119Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:35.649{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181118Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:35.649{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181117Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:35.649{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181116Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:35.649{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181054Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:34.624{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181053Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:34.624{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181052Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:34.624{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181051Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:34.624{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181050Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:34.624{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181049Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:34.624{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181048Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:34.624{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181047Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:34.624{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000181046Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:34.624{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180983Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:33.609{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180982Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:33.609{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180981Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:33.609{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180980Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:33.609{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180979Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:33.609{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180978Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:33.609{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180977Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:33.609{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180976Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:33.609{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180975Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:33.609{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180920Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:32.587{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180919Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:32.587{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180918Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:32.587{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180917Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:32.587{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180916Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:32.587{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180915Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:32.587{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180914Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:32.587{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180912Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:32.587{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180910Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:32.587{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180838Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:31.576{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180837Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:31.576{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180836Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:31.576{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180835Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:31.576{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180834Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:31.561{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180833Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:31.561{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180832Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:31.561{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180831Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:31.561{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180830Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:31.561{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180770Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:30.546{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180769Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:30.546{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180768Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:30.546{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180767Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:30.546{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180766Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:30.546{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180765Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:30.546{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180764Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:30.546{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180763Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:30.546{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180762Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:30.546{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180696Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:29.534{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180695Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:29.534{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180694Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:29.534{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180693Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:29.534{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180692Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:29.534{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180691Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:29.534{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180690Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:29.534{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180689Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:29.534{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180688Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:29.534{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180629Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:28.509{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180628Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:28.509{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180627Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:28.509{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180626Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:28.509{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180625Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:28.509{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180624Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:28.509{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180623Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:28.509{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180622Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:28.509{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180621Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:28.509{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180561Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:27.495{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180560Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:27.482{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180559Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:27.482{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180558Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:27.482{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180557Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:27.482{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180556Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:27.482{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180555Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:27.482{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180554Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:27.482{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180553Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:27.467{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180494Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:26.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180493Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:26.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180492Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:26.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180491Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:26.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180490Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:26.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180489Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:26.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180488Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:26.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180487Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:26.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180486Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:26.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180427Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:25.441{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180426Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:25.441{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180425Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:25.441{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180424Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:25.441{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180423Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:25.441{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180422Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:25.441{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180421Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:25.441{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180420Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:25.441{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180419Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:25.441{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180360Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:24.423{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180359Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:24.423{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180358Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:24.423{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180357Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:24.423{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180356Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:24.423{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180355Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:24.423{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180354Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:24.423{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180353Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:24.423{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180352Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:24.423{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180291Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:23.409{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180290Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:23.409{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180289Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:23.409{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180288Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:23.409{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180287Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:23.409{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180286Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:23.409{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180285Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:23.409{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180284Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:23.409{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180283Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:23.409{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180223Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:22.395{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180222Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:22.395{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180221Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:22.395{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180220Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:22.395{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180219Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:22.395{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180218Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:22.395{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180217Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:22.395{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180216Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:22.395{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180215Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:22.395{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180154Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:21.381{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180153Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:21.381{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180152Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:21.381{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180151Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:21.381{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180150Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:21.381{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180149Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:21.381{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180148Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:21.381{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180147Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:21.381{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180146Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:21.381{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180087Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:20.358{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180086Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:20.358{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180085Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:20.358{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180084Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:20.358{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180083Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:20.358{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180082Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:20.358{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180081Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:20.358{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180080Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:20.358{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000180079Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:20.358{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179965Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:19.347{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179964Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:19.347{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179963Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:19.347{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179962Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:19.347{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179961Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:19.347{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179960Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:19.347{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179959Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:19.347{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179958Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:19.347{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179957Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:19.347{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179877Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:18.332{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179875Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:18.320{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179874Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:18.320{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179873Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:18.320{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179872Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:18.320{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179871Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:18.320{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179870Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:18.320{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179869Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:18.320{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179868Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:18.320{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179802Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:17.315{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179801Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:17.314{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179800Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:17.313{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179799Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:17.313{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179798Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:17.313{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179796Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:17.313{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179795Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:17.312{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179793Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:17.312{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179792Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:17.312{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179651Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:16.300{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179645Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:16.298{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179643Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:16.298{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179639Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:16.298{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179637Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:16.297{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179634Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:16.297{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179631Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:16.297{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179626Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:16.297{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179618Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:16.296{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179471Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:15.280{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179470Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:15.280{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179469Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:15.280{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179468Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:15.280{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179467Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:15.280{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179466Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:15.280{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179465Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:15.280{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179464Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:15.280{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179463Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:15.280{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179406Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:14.266{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179405Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:14.266{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179404Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:14.266{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179403Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:14.266{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179402Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:14.266{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179401Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:14.266{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179400Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:14.266{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179399Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:14.266{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179398Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:14.266{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179282Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:13.249{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179281Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:13.249{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179280Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:13.249{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179279Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:13.249{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179278Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:13.249{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179277Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:13.249{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179276Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:13.249{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179275Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:13.249{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179274Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:13.249{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179159Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:12.224{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179158Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:12.224{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179157Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:12.224{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179156Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:12.224{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179155Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:12.224{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179154Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:12.224{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179153Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:12.224{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179152Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:12.224{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179151Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:12.224{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179040Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:11.200{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179039Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:11.200{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179038Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:11.200{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179037Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:11.200{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179036Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:11.200{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179035Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:11.200{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179034Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:11.200{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179033Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:11.200{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000179032Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:11.200{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178973Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:10.184{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178972Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:10.168{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178971Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:10.168{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178970Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:10.168{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178969Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:10.168{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178968Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:10.168{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178967Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:10.168{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178966Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:10.168{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178965Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:10.168{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178906Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:09.157{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178905Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:09.157{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178904Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:09.157{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178903Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:09.157{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178902Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:09.157{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178901Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:09.157{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178900Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:09.157{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178899Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:09.157{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178898Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:09.157{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178838Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:08.137{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178837Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:08.137{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178836Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:08.137{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178835Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:08.137{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178834Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:08.137{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178833Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:08.137{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178832Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:08.137{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178831Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:08.137{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178830Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:08.137{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178770Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:07.116{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178769Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:07.116{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178768Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:07.116{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178767Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:07.116{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178766Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:07.116{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178765Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:07.116{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178764Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:07.116{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178763Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:07.116{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178762Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:07.116{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178703Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:06.101{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178702Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:06.101{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178701Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:06.101{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178700Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:06.101{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178699Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:06.101{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178698Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:06.101{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178697Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:06.101{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178696Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:06.101{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178695Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:06.101{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178636Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:05.078{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178635Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:05.078{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178634Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:05.078{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178633Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:05.078{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178632Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:05.078{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178631Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:05.078{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178630Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:05.078{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178629Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:05.078{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178628Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:05.078{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178571Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:04.054{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178570Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:04.054{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178569Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:04.054{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178568Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:04.054{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178567Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:04.054{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178566Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:04.054{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178565Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:04.054{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178564Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:04.054{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178563Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:04.054{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178506Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:03.043{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178505Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:03.043{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178504Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:03.043{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178503Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:03.043{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178502Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:03.043{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178501Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:03.043{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178500Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:03.043{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178499Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:03.043{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178498Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:03.043{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178385Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:02.026{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178384Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:02.026{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178383Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:02.026{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178382Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:02.026{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178381Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:02.026{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178380Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:02.026{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178379Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:02.026{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178378Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:02.026{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178377Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:02.026{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178320Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:01.004{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178319Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:01.004{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178318Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:01.004{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178317Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:01.004{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178316Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:01.004{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178315Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:01.004{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178314Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:01.004{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178313Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:01.004{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178312Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:19:01.004{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178254Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:59.987{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178253Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:59.987{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178252Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:59.987{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178251Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:59.987{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178250Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:59.987{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178249Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:59.987{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178248Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:59.987{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178247Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:59.987{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178246Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:59.987{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178134Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:58.972{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178133Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:58.972{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178132Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:58.972{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178131Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:58.972{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178130Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:58.972{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178129Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:58.972{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178128Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:58.972{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178127Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:58.972{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178126Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:58.972{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178067Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:57.946{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178066Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:57.946{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178065Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:57.946{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178064Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:57.946{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178063Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:57.946{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178062Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:57.946{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178061Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:57.946{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178060Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:57.946{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178059Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:57.946{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000178000Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:56.932{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177999Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:56.932{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177998Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:56.932{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177997Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:56.932{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177996Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:56.932{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177995Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:56.932{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177994Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:56.932{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177993Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:56.932{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177992Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:56.932{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177918Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:55.922{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177917Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:55.920{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177915Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:55.919{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177914Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:55.919{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177913Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:55.919{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177912Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:55.919{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177911Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:55.918{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177910Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:55.918{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177909Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:55.916{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177841Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:54.892{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177840Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:54.892{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177839Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:54.892{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177838Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:54.892{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177837Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:54.892{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177836Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:54.892{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177835Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:54.892{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177834Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:54.892{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177833Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:54.892{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177770Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:53.867{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177769Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:53.867{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177768Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:53.867{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177767Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:53.867{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177766Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:53.867{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177765Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:53.867{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177764Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:53.867{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177763Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:53.867{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177762Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:53.867{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177703Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:52.839{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177702Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:52.839{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177701Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:52.839{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177700Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:52.839{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177699Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:52.839{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177698Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:52.839{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177697Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:52.839{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177696Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:52.839{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177695Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:52.839{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177636Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:51.813{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177635Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:51.813{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177634Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:51.813{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177633Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:51.813{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177632Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:51.813{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177631Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:51.813{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177630Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:51.813{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177629Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:51.813{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177628Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:51.813{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177569Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:50.793{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177568Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:50.793{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177567Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:50.793{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177566Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:50.793{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177565Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:50.793{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177564Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:50.793{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177563Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:50.793{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177562Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:50.793{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177561Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:50.793{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177501Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:49.781{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177500Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:49.781{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177499Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:49.781{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177498Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:49.781{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177497Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:49.781{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177496Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:49.781{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177495Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:49.781{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177494Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:49.781{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177493Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:49.781{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177434Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:48.757{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177433Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:48.757{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177432Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:48.757{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177431Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:48.757{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177430Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:48.757{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177429Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:48.757{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177428Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:48.757{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177427Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:48.757{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177426Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:48.757{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177367Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:47.737{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177366Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:47.737{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177365Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:47.737{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177364Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:47.737{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177363Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:47.737{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177362Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:47.737{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177361Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:47.737{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177360Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:47.737{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177359Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:47.737{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177300Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:46.718{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177299Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:46.718{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177298Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:46.718{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177297Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:46.718{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177296Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:46.718{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177295Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:46.718{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177294Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:46.718{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177293Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:46.718{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177292Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:46.718{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177233Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:45.701{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177232Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:45.701{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177231Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:45.701{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177230Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:45.701{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177229Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:45.701{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177228Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:45.701{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177227Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:45.701{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177226Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:45.701{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177225Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:45.701{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177156Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:44.685{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177153Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:44.685{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177152Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:44.685{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177151Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:44.685{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177150Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:44.685{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177149Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:44.685{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177148Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:44.685{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177147Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:44.685{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177146Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:44.685{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177071Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:43.669{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177070Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:43.669{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177069Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:43.669{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177068Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:43.669{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177067Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:43.669{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177066Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:43.669{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177065Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:43.669{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177064Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:43.669{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000177063Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:43.669{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176993Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:42.649{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176992Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:42.649{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176991Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:42.649{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176990Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:42.649{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176989Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:42.649{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176988Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:42.649{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176987Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:42.649{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176986Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:42.649{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176985Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:42.649{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176908Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:41.629{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176907Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:41.629{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176906Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:41.629{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176905Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:41.629{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176904Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:41.629{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176903Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:41.629{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176902Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:41.629{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176901Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:41.629{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176900Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:41.629{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176837Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:40.617{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176836Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:40.617{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176835Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:40.617{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176834Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:40.617{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176833Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:40.617{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176832Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:40.617{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176831Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:40.617{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176830Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:40.617{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176829Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:40.617{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176770Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:39.605{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176769Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:39.605{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176768Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:39.605{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176767Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:39.605{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176766Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:39.605{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176765Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:39.605{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176764Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:39.605{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176763Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:39.605{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176762Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:39.605{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176682Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:38.581{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176681Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:38.581{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176680Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:38.581{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176679Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:38.581{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176678Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:38.581{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176677Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:38.581{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176676Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:38.581{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176675Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:38.581{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176674Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:38.581{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176612Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:37.566{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176611Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:37.566{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176610Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:37.566{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176609Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:37.566{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176608Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:37.566{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176607Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:37.566{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176606Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:37.566{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176605Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:37.566{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176604Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:37.566{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176547Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:36.540{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176546Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:36.540{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176545Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:36.540{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176544Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:36.540{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176543Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:36.540{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176542Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:36.540{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176541Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:36.540{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176540Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:36.540{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176539Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:36.540{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176452Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:35.520{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176451Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:35.520{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176450Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:35.520{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176449Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:35.520{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176448Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:35.520{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176447Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:35.520{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176446Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:35.520{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176445Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:35.520{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176444Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:35.520{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176385Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:34.498{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176384Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:34.498{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176383Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:34.498{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176382Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:34.498{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176381Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:34.498{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176380Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:34.498{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176379Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:34.498{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176378Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:34.498{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176377Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:34.498{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176319Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:33.476{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176318Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:33.476{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176317Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:33.476{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176316Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:33.476{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176315Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:33.476{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176314Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:33.476{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176313Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:33.476{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176312Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:33.476{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176311Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:33.476{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176252Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:32.452{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176251Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:32.452{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176250Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:32.452{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176249Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:32.452{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176248Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:32.452{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176247Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:32.452{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176246Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:32.452{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176245Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:32.452{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176244Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:32.452{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176187Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:31.416{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176186Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:31.416{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176185Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:31.416{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176184Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:31.416{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176183Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:31.416{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176182Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:31.416{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176181Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:31.416{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176180Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:31.416{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176179Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:31.416{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176118Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:30.379{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176117Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:30.379{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176116Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:30.379{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176115Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:30.379{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176114Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:30.379{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176113Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:30.379{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176112Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:30.379{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176111Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:30.379{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176110Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:30.379{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176051Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:29.372{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176050Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:29.356{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176049Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:29.356{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176048Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:29.356{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176047Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:29.356{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176046Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:29.356{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176045Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:29.356{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176044Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:29.356{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000176043Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:29.356{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175983Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:28.343{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175982Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:28.343{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175981Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:28.343{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175980Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:28.343{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175979Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:28.343{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175978Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:28.343{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175977Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:28.343{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175976Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:28.343{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175975Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:28.343{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175918Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:27.320{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175917Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:27.320{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175916Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:27.320{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175915Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:27.320{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175914Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:27.320{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175913Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:27.320{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175912Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:27.320{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175911Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:27.320{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175910Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:27.320{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175851Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:26.305{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175850Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:26.305{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175849Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:26.305{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175848Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:26.305{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175847Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:26.305{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175846Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:26.305{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175845Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:26.305{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175844Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:26.305{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175843Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:26.305{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175784Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:25.285{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175783Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:25.285{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175782Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:25.285{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175781Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:25.285{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175780Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:25.285{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175779Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:25.285{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175778Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:25.285{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175777Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:25.285{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175776Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:25.285{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175717Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:24.264{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175716Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:24.264{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175715Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:24.264{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175714Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:24.264{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175713Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:24.264{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175712Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:24.264{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175711Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:24.264{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175710Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:24.264{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175709Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:24.264{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175649Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:23.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175648Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:23.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175647Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:23.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175646Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:23.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175645Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:23.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175644Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:23.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175643Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:23.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175642Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:23.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175641Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:23.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175582Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:22.229{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175581Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:22.216{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175580Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:22.216{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175579Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:22.216{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175578Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:22.216{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175577Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:22.216{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175576Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:22.216{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175575Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:22.216{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175574Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:22.216{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175514Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:21.193{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175513Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:21.193{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175512Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:21.193{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175511Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:21.193{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175510Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:21.193{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175509Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:21.193{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175508Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:21.193{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175507Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:21.193{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175506Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:21.193{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175445Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:20.167{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175444Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:20.167{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175443Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:20.167{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175442Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:20.167{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175441Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:20.167{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175440Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:20.167{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175439Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:20.167{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175438Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:20.167{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175437Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:20.167{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175321Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:19.158{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175320Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:19.157{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175319Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:19.157{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175318Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:19.157{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175317Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:19.156{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175316Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:19.156{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175315Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:19.156{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175314Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:19.155{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175313Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:19.155{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175220Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:18.133{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175219Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:18.133{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175218Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:18.133{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175217Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:18.133{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175216Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:18.133{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175215Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:18.133{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175214Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:18.133{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175213Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:18.133{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175212Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:18.133{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175152Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:17.120{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175151Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:17.120{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175150Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:17.120{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175149Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:17.105{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175148Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:17.105{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175147Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:17.105{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175146Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:17.105{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175145Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:17.105{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000175144Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:17.105{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174969Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:16.098{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174968Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:16.097{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174967Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:16.097{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174966Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:16.097{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174965Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:16.096{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174964Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:16.096{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174963Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:16.096{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174962Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:16.095{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174961Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:16.095{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174818Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:15.073{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174817Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:15.073{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174816Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:15.073{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174815Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:15.073{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174814Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:15.073{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174813Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:15.073{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174812Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:15.073{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174811Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:15.073{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174810Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:15.073{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174750Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:14.050{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174749Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:14.050{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174748Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:14.050{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174747Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:14.050{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174746Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:14.050{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174745Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:14.050{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174744Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:14.050{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174743Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:14.050{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174742Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:14.050{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174628Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:13.034{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174627Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:13.034{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174626Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:13.034{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174625Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:13.034{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174624Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:13.034{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174623Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:13.034{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174622Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:13.034{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174621Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:13.034{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174620Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:13.018{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174453Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:11.998{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174452Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:11.998{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174451Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:11.998{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174450Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:11.998{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174449Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:11.998{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174448Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:11.998{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174447Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:11.998{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174446Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:11.998{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174445Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:11.998{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174383Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:10.988{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174382Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:10.988{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174381Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:10.988{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174380Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:10.988{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174379Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:10.972{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174378Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:10.972{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174377Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:10.972{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174376Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:10.972{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174375Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:10.972{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174318Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:09.948{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174317Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:09.948{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174316Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:09.948{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174315Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:09.948{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174314Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:09.948{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174313Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:09.948{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174312Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:09.948{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174311Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:09.948{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174310Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:09.948{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174251Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:08.944{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174250Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:08.928{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174249Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:08.928{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174248Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:08.928{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174247Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:08.928{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174246Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:08.928{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174245Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:08.928{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174244Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:08.928{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174243Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:08.928{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174183Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:07.917{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174182Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:07.917{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174181Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:07.917{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174180Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:07.917{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174179Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:07.917{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174178Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:07.917{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174177Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:07.917{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174176Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:07.917{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174175Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:07.917{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174115Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:06.888{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174114Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:06.888{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174113Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:06.888{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174112Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:06.888{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174111Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:06.888{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174110Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:06.888{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174109Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:06.888{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174108Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:06.888{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174107Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:06.888{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174048Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:05.873{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174047Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:05.873{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174046Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:05.873{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174045Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:05.873{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174044Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:05.873{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174043Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:05.873{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174042Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:05.873{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174041Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:05.873{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000174040Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:05.873{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173981Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:04.850{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173980Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:04.850{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173979Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:04.850{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173978Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:04.850{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173977Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:04.850{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173976Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:04.850{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173975Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:04.850{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173974Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:04.850{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173973Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:04.850{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173916Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:03.830{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173915Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:03.830{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173914Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:03.830{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173913Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:03.830{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173912Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:03.830{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173911Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:03.830{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173910Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:03.830{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173909Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:03.830{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173908Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:03.830{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173847Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:02.810{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173846Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:02.810{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173845Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:02.810{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173844Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:02.810{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173843Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:02.810{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173842Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:02.810{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173841Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:02.810{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173840Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:02.810{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173839Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:02.810{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173782Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:01.789{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173781Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:01.789{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173780Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:01.789{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173779Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:01.789{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173778Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:01.789{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173777Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:01.789{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173776Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:01.789{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173775Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:01.789{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173774Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:01.789{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173716Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:00.762{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173715Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:00.762{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173714Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:00.762{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173713Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:00.762{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173712Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:00.762{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173711Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:00.762{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173710Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:00.762{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173709Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:00.762{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173708Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:18:00.762{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173649Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:59.749{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173648Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:59.749{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173647Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:59.749{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173646Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:59.749{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173645Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:59.749{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173644Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:59.749{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173643Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:59.749{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173642Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:59.749{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173641Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:59.749{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173562Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:58.729{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173561Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:58.729{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173560Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:58.729{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173559Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:58.729{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173558Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:58.729{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173557Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:58.729{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173556Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:58.729{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173555Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:58.729{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173554Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:58.729{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173492Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:57.704{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173491Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:57.704{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173490Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:57.704{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173489Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:57.704{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173488Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:57.704{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173487Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:57.704{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173486Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:57.704{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173485Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:57.704{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173484Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:57.704{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173427Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:56.686{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173426Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:56.686{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173425Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:56.686{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173424Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:56.686{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173423Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:56.686{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173422Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:56.686{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173421Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:56.686{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173420Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:56.686{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173419Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:56.686{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173331Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:55.660{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173330Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:55.660{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173329Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:55.660{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173328Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:55.660{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173327Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:55.660{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173326Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:55.660{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173325Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:55.660{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173324Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:55.660{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173323Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:55.660{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173264Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:54.645{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173263Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:54.645{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173262Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:54.630{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173261Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:54.630{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173260Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:54.630{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173259Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:54.630{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173258Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:54.630{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173257Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:54.630{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173256Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:54.630{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173196Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:53.614{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173195Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:53.614{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173194Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:53.614{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173193Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:53.614{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173192Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:53.614{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173191Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:53.614{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173190Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:53.614{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173189Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:53.614{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173188Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:53.614{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173131Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:52.602{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173130Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:52.602{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173129Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:52.602{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173128Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:52.602{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173127Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:52.602{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173126Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:52.602{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173125Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:52.602{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173124Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:52.602{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173123Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:52.602{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173066Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:51.585{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173065Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:51.585{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173064Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:51.585{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173063Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:51.585{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173062Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:51.585{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173061Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:51.585{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173060Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:51.585{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173059Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:51.585{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000173058Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:51.585{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172998Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:50.559{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172997Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:50.559{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172996Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:50.559{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172995Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:50.559{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172994Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:50.559{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172993Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:50.559{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172992Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:50.559{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172991Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:50.559{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172990Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:50.559{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172931Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:49.538{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172930Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:49.554{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172929Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:49.538{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172928Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:49.538{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172927Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:49.538{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172926Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:49.538{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172925Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:49.538{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172924Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:49.538{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172923Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:49.538{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172864Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:48.515{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172863Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:48.515{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172862Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:48.515{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172861Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:48.515{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172860Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:48.515{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172859Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:48.515{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172858Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:48.515{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172857Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:48.515{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172856Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:48.515{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172797Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:47.495{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172796Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:47.495{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172795Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:47.495{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172794Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:47.495{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172793Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:47.495{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172792Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:47.495{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172791Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:47.495{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172790Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:47.495{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172789Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:47.495{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172730Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:46.493{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172729Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:46.492{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172728Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:46.492{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172727Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:46.491{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172726Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:46.491{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172725Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:46.489{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172724Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:46.489{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172723Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:46.487{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172722Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:46.487{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172663Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:45.466{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172662Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:45.464{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172661Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:45.449{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172660Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:45.449{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172659Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:45.449{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172658Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:45.449{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172657Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:45.449{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172656Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:45.449{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172655Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:45.449{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172597Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:44.432{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172596Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:44.432{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172595Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:44.432{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172594Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:44.432{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172593Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:44.432{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172592Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:44.432{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172591Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:44.432{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172590Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:44.432{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172589Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:44.432{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172484Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:43.421{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172476Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:43.419{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172475Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:43.418{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172474Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:43.418{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172473Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:43.417{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172472Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:43.417{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172471Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:43.415{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172470Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:43.413{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172469Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:43.410{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172412Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:42.391{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172411Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:42.390{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172410Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:42.390{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172409Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:42.389{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172408Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:42.389{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172407Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:42.389{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172406Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:42.388{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172405Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:42.388{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172404Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:42.387{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172343Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:41.353{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172342Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:41.353{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172341Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:41.353{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172340Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:41.353{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172339Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:41.353{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172338Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:41.353{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172337Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:41.353{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172336Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:41.353{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172335Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:41.353{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172278Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:40.349{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172277Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:40.348{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172276Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:40.348{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172275Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:40.348{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172274Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:40.347{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172273Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:40.347{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172272Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:40.347{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172271Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:40.346{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172270Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:40.346{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172210Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:39.339{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172209Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:39.336{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172208Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:39.335{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172207Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:39.334{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172206Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:39.334{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172205Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:39.334{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172204Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:39.333{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172203Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:39.333{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172202Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:39.332{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172117Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:38.318{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172116Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:38.317{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172115Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:38.316{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172114Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:38.316{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172113Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:38.316{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172112Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:38.316{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172111Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:38.315{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172110Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:38.315{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172108Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:38.315{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172049Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:37.302{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172048Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:37.301{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172047Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:37.301{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172046Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:37.301{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172045Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:37.300{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172044Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:37.300{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172043Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:37.300{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172042Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:37.299{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000172041Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:37.299{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171974Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:36.288{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171973Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:36.287{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171972Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:36.287{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171971Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:36.287{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171970Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:36.286{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171969Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:36.286{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171968Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:36.286{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171967Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:36.283{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171966Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:36.283{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171889Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:35.263{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171888Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:35.263{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171887Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:35.263{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171886Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:35.263{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171885Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:35.263{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171884Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:35.263{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171883Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:35.263{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171882Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:35.263{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171881Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:35.263{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171824Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:34.259{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171823Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:34.259{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171822Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:34.259{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171821Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:34.259{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171820Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:34.246{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171819Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:34.246{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171818Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:34.246{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171817Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:34.246{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171816Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:34.246{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171755Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:33.219{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171754Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:33.219{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171753Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:33.219{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171752Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:33.219{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171751Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:33.219{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171750Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:33.219{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171749Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:33.219{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171748Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:33.219{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171747Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:33.219{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171689Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:32.216{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171688Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:32.202{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171687Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:32.202{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171686Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:32.202{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171685Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:32.202{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171684Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:32.202{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171683Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:32.202{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171682Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:32.202{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171681Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:32.202{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171622Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:31.180{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171621Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:31.180{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171620Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:31.180{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171619Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:31.180{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171618Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:31.180{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171617Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:31.180{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171616Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:31.180{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171615Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:31.180{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171614Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:31.180{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171555Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:30.168{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171554Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:30.168{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171553Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:30.168{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171552Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:30.168{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171551Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:30.168{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171550Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:30.168{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171549Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:30.168{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171548Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:30.168{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171547Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:30.151{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171488Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:29.123{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171487Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:29.123{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171486Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:29.123{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171485Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:29.123{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171484Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:29.123{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171483Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:29.123{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171482Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:29.123{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171481Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:29.123{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171480Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:29.123{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171421Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:28.106{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171420Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:28.106{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171419Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:28.106{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171418Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:28.106{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171417Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:28.106{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171416Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:28.106{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171415Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:28.106{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171414Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:28.106{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171413Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:28.106{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171353Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:27.098{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171352Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:27.082{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171351Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:27.082{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171350Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:27.082{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171349Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:27.082{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171348Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:27.082{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171347Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:27.082{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171346Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:27.082{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171345Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:27.082{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171286Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:26.064{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171285Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:26.064{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171284Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:26.064{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171283Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:26.064{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171282Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:26.064{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171281Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:26.064{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171280Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:26.064{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171279Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:26.064{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171278Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:26.064{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171219Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:25.040{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171218Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:25.040{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171217Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:25.040{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171216Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:25.040{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171215Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:25.040{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171214Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:25.040{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171213Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:25.040{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171212Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:25.040{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171211Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:25.040{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171154Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:24.014{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171153Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:24.014{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171152Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:24.014{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171151Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:24.014{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171150Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:24.014{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171149Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:24.014{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171148Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:24.014{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171147Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:24.014{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171146Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:24.014{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171089Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:22.998{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171088Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:22.998{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171087Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:22.998{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171086Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:22.998{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171085Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:22.998{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171084Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:22.998{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171083Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:22.998{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171082Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:22.998{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171081Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:22.998{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171021Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:21.976{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171020Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:21.976{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171019Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:21.976{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171018Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:21.976{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171017Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:21.976{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171016Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:21.976{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171015Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:21.976{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171014Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:21.976{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000171013Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:21.976{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170955Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:20.953{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170954Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:20.953{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170953Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:20.953{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170952Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:20.953{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170951Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:20.953{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170950Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:20.953{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170949Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:20.953{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170948Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:20.953{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170947Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:20.953{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170886Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:19.929{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170885Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:19.929{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170884Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:19.929{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170883Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:19.929{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170882Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:19.929{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170881Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:19.929{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170880Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:19.929{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170879Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:19.929{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170878Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:19.929{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170746Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:18.914{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170745Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:18.914{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170744Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:18.914{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170743Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:18.914{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170742Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:18.914{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170741Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:18.914{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170740Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:18.914{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170739Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:18.914{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170738Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:18.914{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170667Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:17.903{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170666Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:17.903{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170665Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:17.903{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170664Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:17.903{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170663Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:17.903{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170662Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:17.903{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170661Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:17.903{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170660Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:17.903{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170659Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:17.903{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170537Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:16.884{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170536Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:16.884{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170535Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:16.884{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170534Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:16.884{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170533Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:16.884{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170532Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:16.884{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170531Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:16.884{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170530Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:16.869{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170529Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:16.869{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170388Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:15.866{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170387Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:15.863{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170386Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:15.863{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170385Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:15.861{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170384Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:15.860{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170383Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:15.858{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170382Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:15.856{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170381Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:15.855{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170380Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:15.855{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170265Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:14.830{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170264Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:14.830{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170263Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:14.830{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170262Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:14.830{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170261Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:14.830{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170260Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:14.830{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170259Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:14.830{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170258Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:14.830{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170257Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:14.830{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170181Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:13.803{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170175Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:13.803{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170173Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:13.803{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170172Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:13.803{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170168Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:13.803{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170166Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:13.803{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170161Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:13.803{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170159Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:13.803{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170156Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:13.803{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170021Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:12.785{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170020Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:12.785{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170019Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:12.785{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170018Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:12.785{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170017Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:12.785{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170016Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:12.785{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170015Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:12.785{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170014Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:12.785{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000170013Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:12.785{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169886Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:11.757{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169885Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:11.757{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169884Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:11.757{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169883Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:11.757{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169882Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:11.757{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169881Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:11.757{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169880Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:11.757{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169879Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:11.757{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169878Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:11.757{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169816Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:10.732{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169815Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:10.732{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169814Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:10.732{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169813Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:10.732{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169812Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:10.732{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169811Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:10.732{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169810Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:10.732{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169809Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:10.732{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169808Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:10.732{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169750Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:09.708{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169749Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:09.708{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169748Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:09.708{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169747Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:09.708{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169746Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:09.708{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169745Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:09.708{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169744Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:09.708{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169743Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:09.708{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169742Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:09.708{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169685Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:08.692{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169684Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:08.678{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169683Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:08.678{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169682Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:08.678{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169681Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:08.678{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169680Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:08.678{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169679Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:08.678{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169678Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:08.678{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169677Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:08.678{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169617Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:07.665{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169616Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:07.665{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169615Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:07.665{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169614Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:07.665{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169613Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:07.665{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169612Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:07.665{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169611Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:07.665{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169610Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:07.665{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169609Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:07.665{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169550Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:06.650{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169549Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:06.650{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169548Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:06.650{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169547Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:06.650{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169546Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:06.650{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169545Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:06.650{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169544Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:06.650{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169543Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:06.634{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169542Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:06.634{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169482Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:05.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169481Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:05.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169480Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:05.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169479Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:05.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169478Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:05.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169477Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:05.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169476Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:05.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169475Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:05.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169474Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:05.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169415Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:04.593{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169414Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:04.593{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169413Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:04.593{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169412Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:04.593{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169411Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:04.593{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169410Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:04.593{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169409Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:04.593{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169408Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:04.593{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169407Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:04.593{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169346Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:03.578{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169345Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:03.578{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169344Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:03.578{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169343Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:03.578{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169342Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:03.578{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169341Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:03.578{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169340Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:03.578{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169339Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:03.578{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169338Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:03.578{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169283Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:02.568{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169282Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:02.568{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169281Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:02.568{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169280Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:02.568{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169279Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:02.568{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169278Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:02.568{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169277Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:02.568{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169276Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:02.568{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169275Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:02.568{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169214Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:01.544{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169213Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:01.544{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169212Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:01.544{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169211Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:01.544{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169210Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:01.544{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169209Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:01.544{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169208Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:01.544{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169207Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:01.544{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169206Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:01.544{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169145Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:00.524{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169144Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:00.524{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169143Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:00.524{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169142Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:00.524{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169141Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:00.524{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169140Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:00.524{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169139Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:00.524{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169138Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:00.524{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169137Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:17:00.524{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169079Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:59.503{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169078Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:59.503{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169077Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:59.503{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169076Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:59.503{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169075Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:59.503{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169074Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:59.503{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169073Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:59.503{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169072Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:59.503{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000169071Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:59.503{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168992Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:58.487{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168991Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:58.487{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168990Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:58.487{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168989Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:58.487{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168988Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:58.487{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168987Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:58.487{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168986Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:58.487{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168985Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:58.487{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168984Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:58.487{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168921Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:57.476{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168920Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:57.476{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168919Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:57.476{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168918Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:57.476{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168917Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:57.476{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168916Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:57.476{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168915Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:57.476{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168914Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:57.476{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168913Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:57.476{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168858Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:56.451{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168857Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:56.451{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168856Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:56.451{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168855Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:56.451{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168854Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:56.451{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168853Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:56.451{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168852Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:56.451{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168851Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:56.451{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168850Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:56.451{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168763Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:55.436{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168762Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:55.436{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168761Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:55.436{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168760Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:55.436{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168759Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:55.436{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168758Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:55.436{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168757Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:55.436{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168756Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:55.436{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168755Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:55.436{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168696Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:54.414{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168695Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:54.414{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168694Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:54.414{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168693Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:54.414{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168692Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:54.414{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168691Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:54.414{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168690Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:54.414{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168689Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:54.414{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168688Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:54.414{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168628Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:53.396{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168627Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:53.396{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168626Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:53.396{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168625Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:53.396{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168624Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:53.396{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168623Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:53.396{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168622Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:53.396{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168621Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:53.396{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168620Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:53.396{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168561Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:52.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168560Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:52.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168559Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:52.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168558Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:52.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168557Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:52.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168556Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:52.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168555Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:52.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168554Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:52.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168553Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:52.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168494Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:51.355{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168493Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:51.355{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168492Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:51.355{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168491Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:51.355{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168490Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:51.355{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168489Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:51.355{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168488Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:51.355{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168487Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:51.355{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168486Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:51.355{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168427Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:50.332{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168426Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:50.332{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168425Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:50.332{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168424Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:50.332{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168423Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:50.332{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168422Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:50.332{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168421Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:50.332{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168420Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:50.332{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168419Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:50.332{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168362Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:49.313{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168361Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:49.313{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168360Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:49.313{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168359Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:49.313{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168358Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:49.313{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168357Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:49.313{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168356Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:49.313{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168355Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:49.313{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168354Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:49.313{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168294Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:48.298{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168293Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:48.298{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168292Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:48.298{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168291Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:48.298{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168290Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:48.298{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168289Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:48.298{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168288Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:48.298{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168287Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:48.298{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168286Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:48.298{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168224Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:47.273{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168223Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:47.273{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168222Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:47.273{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168221Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:47.273{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168220Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:47.273{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168219Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:47.273{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168218Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:47.273{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168217Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:47.273{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168216Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:47.273{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168156Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:46.254{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168155Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:46.254{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168154Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:46.254{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168153Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:46.254{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168152Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:46.254{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168151Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:46.254{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168150Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:46.254{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168149Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:46.254{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168148Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:46.254{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168092Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:45.230{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168091Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:45.230{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168090Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:45.230{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168089Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:45.230{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168088Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:45.230{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168087Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:45.230{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168086Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:45.230{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168085Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:45.230{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168084Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:45.230{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168026Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:44.227{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168025Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:44.213{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168024Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:44.213{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168023Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:44.213{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168022Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:44.213{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168021Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:44.213{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168020Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:44.213{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168019Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:44.213{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000168018Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:44.213{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167958Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:43.208{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167957Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:43.206{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167956Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:43.206{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167955Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:43.206{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167954Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:43.206{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167953Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:43.206{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167952Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:43.205{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167951Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:43.205{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167950Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:43.204{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167889Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:42.183{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167888Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:42.183{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167887Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:42.183{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167886Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:42.183{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167885Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:42.183{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167884Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:42.183{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167883Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:42.183{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167882Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:42.183{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167881Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:42.183{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167818Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:41.180{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167817Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:41.164{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167816Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:41.164{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167815Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:41.164{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167814Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:41.164{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167813Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:41.164{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167812Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:41.164{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167811Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:41.164{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167810Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:41.164{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167750Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:40.147{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167749Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:40.147{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167748Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:40.147{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167747Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:40.147{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167746Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:40.147{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167745Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:40.147{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167744Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:40.147{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167743Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:40.147{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167742Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:40.147{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167673Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:39.132{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167672Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:39.130{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167671Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:39.130{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167670Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:39.130{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167669Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:39.130{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167668Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:39.129{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167667Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:39.129{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167666Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:39.128{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167665Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:39.128{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167589Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:38.108{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167588Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:38.108{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167587Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:38.108{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167586Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:38.108{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167585Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:38.108{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167584Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:38.108{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167583Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:38.108{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167582Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:38.108{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167581Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:38.108{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167519Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:37.085{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167518Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:37.085{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167517Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:37.085{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167516Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:37.085{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167515Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:37.085{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167514Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:37.085{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167513Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:37.085{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167512Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:37.085{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167511Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:37.085{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167441Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:36.070{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167440Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:36.068{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167439Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:36.068{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167438Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:36.068{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167437Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:36.067{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167436Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:36.067{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167435Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:36.067{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167434Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:36.066{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167433Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:36.066{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167357Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:35.046{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167356Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:35.046{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167355Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:35.046{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167354Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:35.046{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167353Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:35.046{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167352Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:35.046{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167351Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:35.046{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167350Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:35.046{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167349Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:35.046{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167291Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:34.024{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167290Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:34.024{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167289Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:34.024{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167288Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:34.024{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167287Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:34.024{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167286Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:34.024{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167285Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:34.024{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167284Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:34.024{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167283Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:34.024{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167223Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:33.002{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167222Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:33.002{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167221Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:33.002{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167220Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:33.002{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167219Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:33.002{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167218Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:33.002{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167217Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:33.002{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167216Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:33.002{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167215Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:33.002{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167154Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:31.992{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167153Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:31.976{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167152Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:31.976{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167151Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:31.976{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167150Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:31.976{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167149Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:31.976{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167148Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:31.976{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167147Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:31.976{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167146Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:31.976{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167086Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:30.954{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167085Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:30.954{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167084Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:30.954{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167083Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:30.954{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167082Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:30.954{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167081Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:30.954{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167080Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:30.954{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167079Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:30.954{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167078Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:30.954{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167018Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:29.930{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167017Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:29.930{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167016Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:29.930{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167015Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:29.930{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167014Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:29.930{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167013Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:29.930{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167012Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:29.930{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167011Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:29.930{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000167010Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:29.930{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166950Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:28.915{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166949Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:28.915{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166948Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:28.915{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166947Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:28.915{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166946Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:28.915{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166945Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:28.915{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166944Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:28.915{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166943Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:28.915{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166942Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:28.915{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166882Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:27.897{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166881Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:27.897{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166880Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:27.897{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166879Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:27.897{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166878Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:27.897{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166877Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:27.897{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166876Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:27.897{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166875Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:27.897{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166874Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:27.897{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166814Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:26.876{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166813Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:26.876{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166812Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:26.876{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166811Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:26.876{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166810Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:26.876{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166809Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:26.876{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166808Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:26.876{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166807Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:26.876{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166806Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:26.876{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166745Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:25.853{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166744Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:25.853{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166743Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:25.853{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166742Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:25.853{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166741Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:25.853{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166740Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:25.853{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166739Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:25.853{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166738Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:25.853{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166737Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:25.853{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166677Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:24.828{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166676Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:24.828{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166675Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:24.828{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166674Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:24.828{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166673Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:24.828{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166672Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:24.828{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166671Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:24.828{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166670Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:24.828{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166669Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:24.828{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166556Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:23.804{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166555Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:23.804{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166554Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:23.804{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166553Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:23.804{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166552Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:23.804{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166551Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:23.804{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166550Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:23.804{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166549Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:23.804{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166548Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:23.804{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166490Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:22.792{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166489Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:22.792{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166488Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:22.792{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166487Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:22.792{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166486Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:22.792{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166485Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:22.792{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166484Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:22.792{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166483Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:22.792{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166482Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:22.792{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166421Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:21.773{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166420Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:21.773{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166419Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:21.773{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166418Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:21.773{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166417Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:21.773{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166416Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:21.773{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166415Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:21.773{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166414Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:21.773{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166413Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:21.773{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166352Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:20.759{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166351Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:20.743{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166350Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:20.743{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166349Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:20.743{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166348Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:20.743{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166347Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:20.743{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166346Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:20.743{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166345Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:20.743{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166344Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:20.743{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166278Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:19.719{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166277Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:19.719{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166276Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:19.719{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166275Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:19.719{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166274Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:19.719{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166273Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:19.719{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166272Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:19.719{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166271Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:19.719{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166270Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:19.719{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166140Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:18.699{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166139Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:18.699{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166138Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:18.699{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166137Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:18.699{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166136Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:18.699{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166135Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:18.699{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166134Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:18.699{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166133Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:18.699{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166132Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:18.699{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166060Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:17.684{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166059Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:17.684{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166058Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:17.684{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166057Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:17.684{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166056Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:17.684{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166055Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:17.684{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166054Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:17.684{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166053Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:17.684{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000166052Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:17.684{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165928Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:16.662{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165927Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:16.662{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165926Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:16.662{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165925Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:16.662{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165924Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:16.662{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165923Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:16.662{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165922Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:16.662{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165921Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:16.662{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165920Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:16.662{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165778Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:15.658{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165777Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:15.642{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165776Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:15.642{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165775Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:15.642{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165774Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:15.642{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165773Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:15.642{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165772Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:15.642{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165771Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:15.642{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165770Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:15.642{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165663Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:14.620{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165662Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:14.620{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165661Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:14.620{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165660Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:14.620{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165659Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:14.620{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165658Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:14.620{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165657Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:14.620{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165656Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:14.620{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165655Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:14.620{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165536Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:13.596{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165535Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:13.596{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165534Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:13.596{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165533Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:13.596{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165532Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:13.596{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165531Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:13.596{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165530Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:13.596{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165529Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:13.596{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165528Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:13.596{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165409Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:12.580{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165408Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:12.565{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165407Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:12.565{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165406Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:12.565{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165405Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:12.565{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165404Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:12.565{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165403Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:12.565{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165402Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:12.565{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165401Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:12.565{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165277Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:11.533{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165276Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:11.533{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165275Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:11.533{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165274Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:11.533{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165273Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:11.533{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165272Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:11.533{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165271Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:11.533{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165270Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:11.533{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165269Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:11.533{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165208Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:10.511{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165207Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:10.511{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165206Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:10.511{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165205Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:10.511{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165204Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:10.511{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165203Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:10.511{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165202Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:10.511{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165201Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:10.511{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165200Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:10.511{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165140Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:09.498{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165139Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:09.498{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165138Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:09.498{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165137Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:09.498{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165136Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:09.498{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165135Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:09.498{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165134Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:09.498{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165133Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:09.498{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165132Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:09.498{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165072Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:08.486{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165071Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:08.486{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165070Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:08.486{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165069Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:08.486{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165068Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:08.486{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165067Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:08.486{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165066Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:08.486{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165065Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:08.486{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165064Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:08.486{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165003Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:07.464{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165002Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:07.464{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165001Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:07.464{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000165000Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:07.464{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164999Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:07.464{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164998Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:07.464{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164997Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:07.464{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164996Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:07.464{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164995Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:07.464{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164937Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:06.446{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164936Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:06.446{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164935Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:06.446{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164934Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:06.446{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164933Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:06.446{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164932Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:06.446{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164931Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:06.446{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164930Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:06.446{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164929Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:06.446{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164868Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:05.423{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164867Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:05.423{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164866Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:05.423{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164865Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:05.423{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164864Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:05.423{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164863Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:05.423{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164862Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:05.423{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164861Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:05.423{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164860Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:05.423{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164800Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:04.397{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164799Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:04.397{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164798Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:04.397{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164797Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:04.397{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164796Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:04.397{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164795Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:04.397{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164794Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:04.397{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164793Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:04.397{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164792Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:04.397{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164732Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:03.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164731Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:03.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164730Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:03.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164729Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:03.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164728Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:03.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164727Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:03.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164726Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:03.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164725Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:03.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164724Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:03.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164664Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:02.372{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164663Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:02.372{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164662Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:02.372{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164661Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:02.356{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164660Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:02.356{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164659Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:02.356{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164658Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:02.356{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164657Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:02.356{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164656Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:02.356{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164595Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:01.338{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164594Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:01.338{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164593Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:01.338{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164592Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:01.338{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164591Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:01.338{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164590Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:01.338{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164589Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:01.338{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164588Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:01.338{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164587Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:01.338{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164527Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:00.324{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164526Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:00.324{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164525Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:00.309{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164524Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:00.309{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164523Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:00.309{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164522Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:00.309{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164521Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:00.309{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164520Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:00.309{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164519Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:16:00.309{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164426Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:59.293{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164425Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:59.293{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164424Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:59.293{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164423Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:59.277{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164422Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:59.277{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164421Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:59.277{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164420Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:59.277{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164419Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:59.277{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164418Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:59.277{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164334Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:58.254{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164333Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:58.254{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164332Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:58.254{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164331Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:58.254{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164330Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:58.254{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164329Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:58.254{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164328Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:58.254{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164327Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:58.254{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164326Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:58.254{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164266Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:57.216{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164265Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:57.216{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164264Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:57.216{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164263Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:57.216{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164262Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:57.216{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164261Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:57.216{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164260Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:57.216{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164259Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:57.216{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164258Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:57.216{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164190Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:56.206{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164189Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:56.205{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164188Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:56.204{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164187Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:56.204{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164186Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:56.204{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164185Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:56.204{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164184Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:56.203{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164183Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:56.203{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164182Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:56.202{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164103Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:55.195{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164102Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:55.179{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164101Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:55.179{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164100Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:55.179{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164099Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:55.179{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164098Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:55.179{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164097Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:55.179{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164096Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:55.179{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164095Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:55.179{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164035Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:54.168{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164034Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:54.153{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164033Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:54.153{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164032Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:54.153{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164031Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:54.153{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164030Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:54.153{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164029Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:54.153{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164028Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:54.153{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000164027Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:54.137{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163967Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:53.107{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163966Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:53.107{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163965Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:53.107{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163964Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:53.107{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163963Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:53.107{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163962Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:53.107{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163961Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:53.107{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163960Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:53.107{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163959Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:53.107{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163899Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:52.087{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163898Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:52.087{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163897Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:52.087{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163896Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:52.087{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163895Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:52.087{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163894Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:52.087{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163893Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:52.087{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163892Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:52.087{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163891Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:52.087{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163831Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:51.044{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163830Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:51.044{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163829Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:51.044{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163828Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:51.044{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163827Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:51.044{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163826Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:51.044{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163825Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:51.044{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163824Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:51.044{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163823Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:51.044{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163763Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:50.031{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163762Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:50.031{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163761Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:50.031{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163760Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:50.031{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163759Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:50.031{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163758Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:50.031{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163757Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:50.031{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163756Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:50.015{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163755Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:50.015{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163696Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:48.995{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163695Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:48.995{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163694Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:48.995{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163693Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:48.995{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163692Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:48.995{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163691Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:48.995{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163690Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:48.979{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163689Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:48.979{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163688Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:48.979{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163628Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:47.966{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163627Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:47.966{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163626Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:47.966{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163625Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:47.966{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163624Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:47.966{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163623Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:47.966{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163622Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:47.966{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163621Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:47.966{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163620Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:47.966{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163562Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:46.943{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163561Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:46.943{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163560Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:46.943{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163559Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:46.943{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163558Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:46.943{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163557Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:46.943{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163556Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:46.943{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163555Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:46.943{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163554Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:46.943{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163494Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:45.930{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163493Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:45.930{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163492Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:45.930{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163491Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:45.930{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163490Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:45.930{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163489Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:45.930{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163488Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:45.930{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163487Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:45.930{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163486Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:45.914{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163426Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:44.911{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163425Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:44.898{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163424Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:44.898{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163423Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:44.898{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163422Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:44.898{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163421Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:44.898{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163420Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:44.898{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163419Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:44.898{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163418Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:44.898{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163357Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:43.879{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163356Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:43.879{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163355Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:43.879{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163354Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:43.879{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163353Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:43.879{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163352Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:43.879{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163351Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:43.879{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163350Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:43.879{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163349Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:43.879{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163289Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:42.859{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163288Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:42.859{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163287Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:42.859{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163286Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:42.859{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163285Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:42.859{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163284Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:42.859{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163283Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:42.859{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163282Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:42.859{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163281Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:42.859{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163218Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:41.826{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163217Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:41.826{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163216Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:41.826{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163215Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:41.826{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163214Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:41.826{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163213Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:41.826{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163212Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:41.826{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163211Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:41.826{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163210Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:41.826{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163150Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:40.809{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163149Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:40.809{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163148Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:40.809{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163147Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:40.809{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163146Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:40.809{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163145Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:40.809{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163144Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:40.809{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163143Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:40.809{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163142Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:40.809{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163082Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:39.790{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163081Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:39.790{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163080Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:39.790{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163079Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:39.790{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163078Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:39.790{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163077Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:39.790{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163076Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:39.790{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163075Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:39.790{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000163074Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:39.790{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162992Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:38.787{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162991Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:38.770{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162990Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:38.770{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162989Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:38.770{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162988Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:38.770{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162987Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:38.770{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162986Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:38.770{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162985Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:38.770{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162984Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:38.770{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162921Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:37.749{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162920Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:37.749{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162919Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:37.749{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162918Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:37.749{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162917Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:37.749{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162916Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:37.749{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162915Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:37.749{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162914Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:37.749{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162913Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:37.749{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162852Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:36.730{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162851Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:36.730{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162850Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:36.730{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162849Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:36.730{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162848Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:36.730{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162847Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:36.730{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162846Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:36.730{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162845Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:36.730{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162844Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:36.730{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162755Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:35.715{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162754Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:35.715{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162753Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:35.715{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162752Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:35.715{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162751Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:35.715{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162750Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:35.715{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162749Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:35.715{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162748Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:35.715{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162747Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:35.715{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162689Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:34.672{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162688Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:34.672{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162687Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:34.672{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162686Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:34.672{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162685Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:34.672{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162684Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:34.672{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162683Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:34.672{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162682Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:34.672{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162681Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:34.672{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162622Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:33.657{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162621Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:33.642{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162620Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:33.642{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162619Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:33.642{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162618Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:33.642{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162616Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:33.642{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162614Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:33.642{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162613Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:33.642{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162612Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:33.642{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162554Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:32.613{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162553Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:32.613{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162552Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:32.613{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162551Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:32.613{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162550Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:32.613{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162549Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:32.613{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162548Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:32.613{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162547Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:32.613{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162546Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:32.613{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162488Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:31.585{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162487Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:31.570{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162486Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:31.570{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162485Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:31.570{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162484Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:31.570{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162483Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:31.570{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162482Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:31.570{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162481Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:31.570{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162480Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:31.570{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162422Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:30.542{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162421Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:30.542{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162420Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:30.542{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162419Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:30.542{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162418Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:30.542{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162417Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:30.542{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162416Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:30.542{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162415Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:30.542{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162414Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:30.542{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162356Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:29.526{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162355Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:29.526{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162354Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:29.526{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162353Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:29.526{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162352Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:29.526{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162351Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:29.526{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162350Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:29.526{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162349Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:29.526{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162348Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:29.511{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162288Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:28.486{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162287Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:28.486{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162286Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:28.486{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162285Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:28.486{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162284Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:28.486{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162283Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:28.486{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162282Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:28.486{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162281Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:28.486{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162280Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:28.486{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162222Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:27.479{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162221Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:27.464{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162220Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:27.464{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162219Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:27.464{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162218Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:27.464{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162217Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:27.464{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162216Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:27.464{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162215Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:27.464{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162214Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:27.464{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162101Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:26.443{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162100Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:26.443{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162099Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:26.443{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162098Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:26.443{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162097Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:26.443{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162096Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:26.443{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162095Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:26.443{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162094Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:26.443{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162093Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:26.443{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162034Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:25.417{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162033Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:25.417{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162032Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:25.417{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162031Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:25.417{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162030Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:25.417{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162029Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:25.417{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162028Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:25.417{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162027Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:25.417{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000162026Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:25.417{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161966Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:24.404{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161965Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:24.404{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161964Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:24.404{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161963Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:24.404{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161962Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:24.404{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161961Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:24.404{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161960Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:24.404{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161959Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:24.404{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161958Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:24.404{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161898Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:23.386{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161897Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:23.386{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161896Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:23.386{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161895Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:23.386{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161894Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:23.386{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161893Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:23.386{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161892Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:23.386{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161891Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:23.386{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161890Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:23.370{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161829Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:22.357{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161828Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:22.341{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161827Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:22.341{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161826Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:22.341{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161825Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:22.341{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161824Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:22.341{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161823Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:22.341{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161822Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:22.341{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161821Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:22.341{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161760Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:21.333{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161759Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:21.319{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161758Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:21.319{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161757Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:21.319{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161756Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:21.319{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161755Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:21.319{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161754Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:21.319{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161753Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:21.319{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161752Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:21.319{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161689Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:20.288{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161688Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:20.288{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161687Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:20.288{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161686Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:20.288{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161685Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:20.288{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161684Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:20.288{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161683Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:20.288{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161682Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:20.288{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161681Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:20.288{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161546Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:19.274{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161545Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:19.270{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161544Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:19.270{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161543Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:19.270{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161542Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:19.270{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161541Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:19.269{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161540Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:19.269{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161539Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:19.266{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161538Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:19.266{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161395Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:18.245{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161394Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:18.245{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161393Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:18.245{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161392Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:18.245{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161391Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:18.245{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161390Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:18.245{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161388Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:18.245{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161386Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:18.245{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161385Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:18.245{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161247Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:17.243{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161246Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:17.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161245Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:17.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161244Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:17.239{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161243Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:17.239{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161242Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:17.239{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161241Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:17.239{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161240Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:17.238{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161239Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:17.237{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161092Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:16.199{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161091Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:16.197{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161090Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:16.197{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161089Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:16.197{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161088Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:16.195{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161087Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:16.195{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161086Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:16.195{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161085Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:16.194{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000161084Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:16.193{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160953Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:15.178{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160952Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:15.178{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160951Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:15.178{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160950Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:15.178{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160949Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:15.162{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160948Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:15.162{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160947Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:15.162{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160946Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:15.162{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160945Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:15.162{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160883Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:14.144{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160882Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:14.144{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160881Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:14.144{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160880Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:14.144{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160879Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:14.144{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160878Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:14.144{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160877Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:14.144{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160876Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:14.144{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160875Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:14.144{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160756Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:13.119{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160755Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:13.119{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160754Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:13.119{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160753Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:13.119{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160752Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:13.119{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160751Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:13.119{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160750Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:13.119{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160749Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:13.119{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160748Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:13.119{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160570Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:12.106{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160569Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:12.106{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160568Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:12.106{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160567Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:12.106{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160566Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:12.106{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160565Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:12.106{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160564Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:12.106{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160563Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:12.106{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160562Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:12.106{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160499Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:11.092{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160498Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:11.092{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160497Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:11.092{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160496Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:11.092{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160495Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:11.092{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160494Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:11.092{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160493Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:11.092{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160492Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:11.092{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160491Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:11.092{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160430Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:10.082{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160429Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:10.082{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160428Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:10.082{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160427Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:10.082{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160426Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:10.082{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160425Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:10.082{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160424Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:10.066{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160423Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:10.066{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160422Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:10.066{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160360Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:09.049{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160359Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:09.049{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160358Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:09.049{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160357Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:09.049{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160356Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:09.049{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160355Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:09.049{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160354Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:09.049{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160353Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:09.049{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160352Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:09.049{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160293Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:08.041{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160292Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:08.025{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160291Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:08.025{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160290Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:08.025{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160289Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:08.025{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160288Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:08.025{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160287Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:08.025{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160286Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:08.025{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160285Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:08.025{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160215Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:07.010{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160214Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:07.010{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160213Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:07.010{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160212Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:07.010{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160211Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:07.010{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160210Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:07.010{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160209Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:07.010{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160208Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:07.010{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160207Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:07.010{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160001Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:05.989{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000160000Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:05.989{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000159999Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:05.989{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000159998Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:05.989{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000159997Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:05.989{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000159996Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:05.989{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000159995Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:05.989{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000159994Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:05.989{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000159993Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:05.989{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 4688201331200x8020000000000000334748Securitywin-dc-ctus-attack-range-487.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0xcce850x1770C:\Windows\SysWOW64\whoami.exe%%19360x10f4whoami /allNULL SID--0x0C:\Windows\SysWOW64\wermgr.exeMandatory Label\High Mandatory Level 4688201331200x8020000000000000334746Securitywin-dc-ctus-attack-range-487.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0xcce850x119cC:\Windows\SysWOW64\qwinsta.exe%%19360x10f4qwinstaNULL SID--0x0C:\Windows\SysWOW64\wermgr.exeMandatory Label\High Mandatory Level 4688201331200x8020000000000000334743Securitywin-dc-ctus-attack-range-487.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0xcce850x179cC:\Windows\SysWOW64\net.exe%%19360x10f4net localgroupNULL SID--0x0C:\Windows\SysWOW64\wermgr.exeMandatory Label\High Mandatory Level 10341000x8000000000000000159722Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:05.431{3381F800-807D-635A-1601-000000008A02}43401160C:\Windows\SysWOW64\wermgr.exe{3381F800-8459-635A-CB04-000000008A02}6000C:\Windows\SysWOW64\whoami.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7424|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9428(wow64)|C:\Windows\System32\KERNELBASE.dll+d810c(wow64)|UNKNOWN(000000000063BB1F)|UNKNOWN(0000000000636E50)|UNKNOWN(0000000000631371)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 154100x8000000000000000159721Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:05.429{3381F800-8459-635A-CB04-000000008A02}6000C:\Windows\SysWOW64\whoami.exe10.0.14393.0 (rs1_release.160715-1616)whoami - displays logged on user informationMicrosoft® Windows® Operating SystemMicrosoft Corporationwhoami.exewhoami /allD:\ATTACKRANGE\Administrator{3381F800-7E72-635A-85CE-0C0000000000}0xcce852HighMD5=B0CF93B7D4BD87F1F79EED054128532F,SHA256=72C2B9733D3D143CB23BA5D6F3D5B690D39ED458B6C430557FF7B50FE6C3F28F,IMPHASH=8E79F757D7CF9849D5C4526C308ABEAE{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\wermgr.exe 10341000x8000000000000000159560Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:05.301{3381F800-807D-635A-1601-000000008A02}43401160C:\Windows\SysWOW64\wermgr.exe{3381F800-8459-635A-C904-000000008A02}4508C:\Windows\SysWOW64\qwinsta.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7424|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9428(wow64)|C:\Windows\System32\KERNELBASE.dll+d810c(wow64)|UNKNOWN(000000000063BB1F)|UNKNOWN(0000000000636E2A)|UNKNOWN(0000000000631371)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 154100x8000000000000000159559Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:05.299{3381F800-8459-635A-C904-000000008A02}4508C:\Windows\SysWOW64\qwinsta.exe10.0.14393.0 (rs1_release.160715-1616)Query Session UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationqwinsta.exeqwinstaD:\ATTACKRANGE\Administrator{3381F800-7E72-635A-85CE-0C0000000000}0xcce852HighMD5=8BA20D53B4FB03195AD2D401D1388592,SHA256=D292A447B82B1EE408B3FEE4AA092B9E437866E2C2631087B4A698426592DC76,IMPHASH=DABCCBB5707075AA29F67F6BA6738CE8{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\wermgr.exe 10341000x8000000000000000159454Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:05.201{3381F800-807D-635A-1601-000000008A02}43401160C:\Windows\SysWOW64\wermgr.exe{3381F800-8459-635A-C604-000000008A02}6044C:\Windows\SysWOW64\net.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7424|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9428(wow64)|C:\Windows\System32\KERNELBASE.dll+d810c(wow64)|UNKNOWN(000000000063BB1F)|UNKNOWN(0000000000636E04)|UNKNOWN(0000000000631371)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 154100x8000000000000000159453Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:05.210{3381F800-8459-635A-C604-000000008A02}6044C:\Windows\SysWOW64\net.exe10.0.14393.2430 (rs1_release_inmarket_aim.180806-1810)Net CommandMicrosoft® Windows® Operating SystemMicrosoft Corporationnet.exenet localgroupD:\ATTACKRANGE\Administrator{3381F800-7E72-635A-85CE-0C0000000000}0xcce852HighMD5=F155DF44EDF793CE52ABCDB9520E11C8,SHA256=42C289E1F976730A0325C0D1A293437502BEF55935F08F258F81B89CF59ABD25,IMPHASH=E4302779B9E7AAB2C1BF4863DBDF1B68{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\wermgr.exe 4688201331200x8020000000000000334741Securitywin-dc-ctus-attack-range-487.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0xcce850x12b4C:\Windows\SysWOW64\NETSTAT.EXE%%19360x10f4netstat -naoNULL SID--0x0C:\Windows\SysWOW64\wermgr.exeMandatory Label\High Mandatory Level 10341000x8000000000000000159383Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:05.056{3381F800-807D-635A-1601-000000008A02}43401160C:\Windows\SysWOW64\wermgr.exe{3381F800-8459-635A-C404-000000008A02}4788C:\Windows\SysWOW64\netstat.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7424|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9428(wow64)|C:\Windows\System32\KERNELBASE.dll+d810c(wow64)|UNKNOWN(000000000063BB1F)|UNKNOWN(0000000000636DDE)|UNKNOWN(0000000000631371)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 154100x8000000000000000159382Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:05.061{3381F800-8459-635A-C404-000000008A02}4788C:\Windows\SysWOW64\NETSTAT.EXE10.0.14393.0 (rs1_release.160715-1616)TCP/IP Netstat CommandMicrosoft® Windows® Operating SystemMicrosoft Corporationnetstat.exenetstat -naoD:\ATTACKRANGE\Administrator{3381F800-7E72-635A-85CE-0C0000000000}0xcce852HighMD5=FFE367661AFCD0ED0EB8E305A436797A,SHA256=1F07B7C0C17324AEEAD6E7105A9668976D8731414448F56AACEE49BAA01351F6,IMPHASH=2F1E8B6490DF71ADB9AC7039D6CBD4A4{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\wermgr.exe 4688201331200x8020000000000000334739Securitywin-dc-ctus-attack-range-487.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0xcce850x4dcC:\Windows\SysWOW64\ROUTE.EXE%%19360x10f4route printNULL SID--0x0C:\Windows\SysWOW64\wermgr.exeMandatory Label\High Mandatory Level 4688201331200x8020000000000000334736Securitywin-dc-ctus-attack-range-487.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0xcce850x1894C:\Windows\SysWOW64\net.exe%%19360x10f4net shareNULL SID--0x0C:\Windows\SysWOW64\wermgr.exeMandatory Label\High Mandatory Level 4688201331200x8020000000000000334734Securitywin-dc-ctus-attack-range-487.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0xcce850x13bcC:\Windows\SysWOW64\nltest.exe%%19360x10f4nltest /domain_trusts /all_trustsNULL SID--0x0C:\Windows\SysWOW64\wermgr.exeMandatory Label\High Mandatory Level 4688201331200x8020000000000000334732Securitywin-dc-ctus-attack-range-487.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0xcce850xacC:\Windows\SysWOW64\nslookup.exe%%19360x10f4nslookup -querytype=ALL -timeout=12 _ldap._tcp.dc._msdcs.ATTACKRANGENULL SID--0x0C:\Windows\SysWOW64\wermgr.exeMandatory Label\High Mandatory Level 4688201331200x8020000000000000334730Securitywin-dc-ctus-attack-range-487.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0xcce850x1b50C:\Windows\SysWOW64\ipconfig.exe%%19360x10f4ipconfig /allNULL SID--0x0C:\Windows\SysWOW64\wermgr.exeMandatory Label\High Mandatory Level 4688201331200x8020000000000000334728Securitywin-dc-ctus-attack-range-487.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0xcce850x18dcC:\Windows\SysWOW64\ARP.EXE%%19360x10f4arp -aNULL SID--0x0C:\Windows\SysWOW64\wermgr.exeMandatory Label\High Mandatory Level 4688201331200x8020000000000000334726Securitywin-dc-ctus-attack-range-487.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0xcce850x1bccC:\Windows\SysWOW64\cmd.exe%%19360x10f4cmd /c setNULL SID--0x0C:\Windows\SysWOW64\wermgr.exeMandatory Label\High Mandatory Level 10341000x8000000000000000159331Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:04.978{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8458-635A-C204-000000008A02}1244C:\Windows\SysWOW64\route.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000159330Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:04.963{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000159329Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:04.963{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000159328Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:04.963{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000159327Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:04.963{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000159326Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:04.963{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000159325Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:04.963{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000159324Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:04.963{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000159323Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:04.963{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000159322Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:04.963{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000159312Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:04.931{3381F800-807D-635A-1601-000000008A02}43401160C:\Windows\SysWOW64\wermgr.exe{3381F800-8458-635A-C204-000000008A02}1244C:\Windows\SysWOW64\route.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7424|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9428(wow64)|C:\Windows\System32\KERNELBASE.dll+d810c(wow64)|UNKNOWN(000000000063BB1F)|UNKNOWN(0000000000636DB8)|UNKNOWN(0000000000631371)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 154100x8000000000000000159309Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:04.939{3381F800-8458-635A-C204-000000008A02}1244C:\Windows\SysWOW64\ROUTE.EXE10.0.14393.0 (rs1_release.160715-1616)TCP/IP Route CommandMicrosoft® Windows® Operating SystemMicrosoft Corporationroute.exeroute printD:\ATTACKRANGE\Administrator{3381F800-7E72-635A-85CE-0C0000000000}0xcce852HighMD5=47F84BE121A0120DD6FF2CC2BDA65694,SHA256=3BC0A2C1F62BDCC9D697685EF2ED70D083234995DFAEEBFB974FF1F1EB5D0C9A,IMPHASH=06521680907025F464BDB6E98BB3AB18{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\wermgr.exe 10341000x8000000000000000159204Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:04.759{3381F800-807D-635A-1601-000000008A02}43401160C:\Windows\SysWOW64\wermgr.exe{3381F800-8458-635A-BF04-000000008A02}6292C:\Windows\SysWOW64\net.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7424|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9428(wow64)|C:\Windows\System32\KERNELBASE.dll+d810c(wow64)|UNKNOWN(000000000063BB1F)|UNKNOWN(0000000000636D92)|UNKNOWN(0000000000631371)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 154100x8000000000000000159203Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:04.766{3381F800-8458-635A-BF04-000000008A02}6292C:\Windows\SysWOW64\net.exe10.0.14393.2430 (rs1_release_inmarket_aim.180806-1810)Net CommandMicrosoft® Windows® Operating SystemMicrosoft Corporationnet.exenet shareD:\ATTACKRANGE\Administrator{3381F800-7E72-635A-85CE-0C0000000000}0xcce852HighMD5=F155DF44EDF793CE52ABCDB9520E11C8,SHA256=42C289E1F976730A0325C0D1A293437502BEF55935F08F258F81B89CF59ABD25,IMPHASH=E4302779B9E7AAB2C1BF4863DBDF1B68{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\wermgr.exe 10341000x8000000000000000159132Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:04.666{3381F800-807D-635A-1601-000000008A02}43401160C:\Windows\SysWOW64\wermgr.exe{3381F800-8458-635A-BD04-000000008A02}5052C:\Windows\SysWOW64\nltest.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7424|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9428(wow64)|C:\Windows\System32\KERNELBASE.dll+d810c(wow64)|UNKNOWN(000000000063BB1F)|UNKNOWN(0000000000636D6C)|UNKNOWN(0000000000631371)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 154100x8000000000000000159131Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:04.662{3381F800-8458-635A-BD04-000000008A02}5052C:\Windows\SysWOW64\nltest.exe10.0.14393.5427 (rs1_release.220929-2054)Microsoft® Logon Server Test UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationnltestrk.exenltest /domain_trusts /all_trustsD:\ATTACKRANGE\Administrator{3381F800-7E72-635A-85CE-0C0000000000}0xcce852HighMD5=92CE922DC84A2BC79752E8E6D5FE0200,SHA256=AD1D4EEB099598EE142A2794773CA410FC3C120C177F6E558EF2DB7314B831F2,IMPHASH=F2E0DA40FA1EC915CD388483507B0F16{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\wermgr.exe 10341000x8000000000000000159055Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:04.444{3381F800-807D-635A-1601-000000008A02}43401160C:\Windows\SysWOW64\wermgr.exe{3381F800-8458-635A-BB04-000000008A02}172C:\Windows\SysWOW64\nslookup.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7424|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9428(wow64)|C:\Windows\System32\KERNELBASE.dll+d810c(wow64)|UNKNOWN(000000000063BB1F)|UNKNOWN(0000000000636D51)|UNKNOWN(0000000000631371)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 154100x8000000000000000159054Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:04.441{3381F800-8458-635A-BB04-000000008A02}172C:\Windows\SysWOW64\nslookup.exe10.0.14393.0 (rs1_release.160715-1616)nslookupMicrosoft® Windows® Operating SystemMicrosoft Corporationnslookup.exenslookup -querytype=ALL -timeout=12 _ldap._tcp.dc._msdcs.ATTACKRANGED:\ATTACKRANGE\Administrator{3381F800-7E72-635A-85CE-0C0000000000}0xcce852HighMD5=EEA54C27CFEEC3CED8A90F409A2E23C8,SHA256=EEBD0BE4886F640CE10CD99D2C8E64101B88A1A87391DB226726B8390F7CBA2E,IMPHASH=5DA9C35938D3F2FDAE2DA483A74A328C{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\wermgr.exe 10341000x8000000000000000158984Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:04.375{3381F800-807D-635A-1601-000000008A02}43401160C:\Windows\SysWOW64\wermgr.exe{3381F800-8458-635A-B904-000000008A02}6992C:\Windows\SysWOW64\ipconfig.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7424|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9428(wow64)|C:\Windows\System32\KERNELBASE.dll+d810c(wow64)|UNKNOWN(000000000063BB1F)|UNKNOWN(0000000000636CF3)|UNKNOWN(0000000000631371)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 154100x8000000000000000158983Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:04.374{3381F800-8458-635A-B904-000000008A02}6992C:\Windows\SysWOW64\ipconfig.exe10.0.14393.0 (rs1_release.160715-1616)IP Configuration UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationipconfig.exeipconfig /allD:\ATTACKRANGE\Administrator{3381F800-7E72-635A-85CE-0C0000000000}0xcce852HighMD5=D99377A3CC218A71E27DFA4C6C4892A4,SHA256=5F2FF9DFA80DCBAE0301500B50F5BB10DDA257BE9C061B3CFCC9BA3C1FBC8891,IMPHASH=9CB4975E5FC345BA48C788102C18C1A6{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\wermgr.exe 10341000x8000000000000000158849Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:04.157{3381F800-807D-635A-1601-000000008A02}43401160C:\Windows\SysWOW64\wermgr.exe{3381F800-8458-635A-B704-000000008A02}6364C:\Windows\SysWOW64\arp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7424|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9428(wow64)|C:\Windows\System32\KERNELBASE.dll+d810c(wow64)|UNKNOWN(000000000063BB1F)|UNKNOWN(0000000000636CCD)|UNKNOWN(0000000000631371)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 154100x8000000000000000158848Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:04.164{3381F800-8458-635A-B704-000000008A02}6364C:\Windows\SysWOW64\ARP.EXE10.0.14393.0 (rs1_release.160715-1616)TCP/IP Arp CommandMicrosoft® Windows® Operating SystemMicrosoft Corporationarp.exearp -aD:\ATTACKRANGE\Administrator{3381F800-7E72-635A-85CE-0C0000000000}0xcce852HighMD5=5341171CD30698B6390598B4CD7D9E12,SHA256=C1A71BBB60FAB4B6AF35E9ACCF65D965738DB35E9CFD99BC5F9AE9728DC7CDC8,IMPHASH=21B1653F69FD245A82ADA312C0C87215{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\wermgr.exe 10341000x8000000000000000158794Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:04.110{3381F800-807D-635A-1601-000000008A02}43401160C:\Windows\SysWOW64\wermgr.exe{3381F800-8458-635A-B504-000000008A02}7116C:\Windows\SysWOW64\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7424|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9428(wow64)|C:\Windows\System32\KERNELBASE.dll+d810c(wow64)|UNKNOWN(000000000063BB1F)|UNKNOWN(0000000000636CA8)|UNKNOWN(0000000000631371)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 154100x8000000000000000158793Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:04.112{3381F800-8458-635A-B504-000000008A02}7116C:\Windows\SysWOW64\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Execmd /c setD:\ATTACKRANGE\Administrator{3381F800-7E72-635A-85CE-0C0000000000}0xcce852HighMD5=0FEC5F30E705EADAEA5E9144F2FB12DC,SHA256=614CA7B627533E22AA3E5C3594605DC6FE6F000B0CC2B845ECE47CA60673EC7F,IMPHASH=B20DE9D5F257E3C5BDD2834F89FC042A{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\wermgr.exe 10341000x8000000000000000158792Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:03.953{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8452-635A-B404-000000008A02}2884C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158791Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:03.953{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8452-635A-B304-000000008A02}2012C:\Windows\SysWOW64\net.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158790Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:03.953{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158789Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:03.939{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158788Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:03.939{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158787Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:03.939{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158786Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:03.939{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158785Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:03.939{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158784Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:03.939{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158783Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:03.939{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158782Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:03.939{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158720Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:02.923{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8452-635A-B404-000000008A02}2884C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158719Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:02.923{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8452-635A-B304-000000008A02}2012C:\Windows\SysWOW64\net.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158718Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:02.923{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158717Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:02.923{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158716Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:02.923{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158715Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:02.923{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158714Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:02.923{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158713Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:02.923{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158712Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:02.923{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158711Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:02.923{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158710Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:02.923{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158650Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:01.897{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8452-635A-B404-000000008A02}2884C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158649Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:01.897{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8452-635A-B304-000000008A02}2012C:\Windows\SysWOW64\net.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158648Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:01.897{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158647Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:01.897{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158646Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:01.897{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158645Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:01.897{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158644Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:01.897{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158643Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:01.897{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158642Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:01.897{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158641Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:01.897{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158640Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:01.897{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158579Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:00.870{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8452-635A-B404-000000008A02}2884C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158578Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:00.870{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8452-635A-B304-000000008A02}2012C:\Windows\SysWOW64\net.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158577Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:00.870{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158576Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:00.870{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158575Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:00.870{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158574Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:00.870{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158573Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:00.870{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158572Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:00.870{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158571Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:00.870{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158570Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:00.870{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158569Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:15:00.870{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158501Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:59.856{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8452-635A-B404-000000008A02}2884C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158500Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:59.856{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8452-635A-B304-000000008A02}2012C:\Windows\SysWOW64\net.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158499Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:59.856{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158498Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:59.856{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158497Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:59.856{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158496Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:59.856{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158495Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:59.856{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158494Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:59.856{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158493Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:59.856{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158492Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:59.840{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158491Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:59.840{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 4688201331200x8020000000000000334713Securitywin-dc-ctus-attack-range-487.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0xcce850x7dcC:\Windows\SysWOW64\net.exe%%19360x10f4net viewNULL SID--0x0C:\Windows\SysWOW64\wermgr.exeMandatory Label\High Mandatory Level 10341000x8000000000000000158395Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:58.829{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8452-635A-B404-000000008A02}2884C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158394Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:58.829{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8452-635A-B304-000000008A02}2012C:\Windows\SysWOW64\net.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158393Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:58.829{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158392Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:58.829{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158391Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:58.829{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158390Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:58.829{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158389Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:58.829{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158388Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:58.829{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158387Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:58.829{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158386Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:58.813{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158385Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:58.813{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158224Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:58.209{3381F800-807D-635A-1601-000000008A02}43401160C:\Windows\SysWOW64\wermgr.exe{3381F800-8452-635A-B304-000000008A02}2012C:\Windows\SysWOW64\net.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7424|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9428(wow64)|C:\Windows\System32\KERNELBASE.dll+d810c(wow64)|UNKNOWN(000000000063BB1F)|UNKNOWN(0000000000636C86)|UNKNOWN(0000000000631371)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 154100x8000000000000000158223Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:58.206{3381F800-8452-635A-B304-000000008A02}2012C:\Windows\SysWOW64\net.exe10.0.14393.2430 (rs1_release_inmarket_aim.180806-1810)Net CommandMicrosoft® Windows® Operating SystemMicrosoft Corporationnet.exenet viewD:\ATTACKRANGE\Administrator{3381F800-7E72-635A-85CE-0C0000000000}0xcce852HighMD5=F155DF44EDF793CE52ABCDB9520E11C8,SHA256=42C289E1F976730A0325C0D1A293437502BEF55935F08F258F81B89CF59ABD25,IMPHASH=E4302779B9E7AAB2C1BF4863DBDF1B68{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\wermgr.exe 10341000x8000000000000000158222Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:58.203{3381F800-807D-635A-1601-000000008A02}43401160C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|UNKNOWN(0000000000637177)|UNKNOWN(000000000063BDF9)|UNKNOWN(0000000000636C4C)|UNKNOWN(0000000000631371)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158221Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:58.202{3381F800-807D-635A-1601-000000008A02}43401160C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|UNKNOWN(0000000000637177)|UNKNOWN(000000000063BDF9)|UNKNOWN(0000000000636C4C)|UNKNOWN(0000000000631371)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158220Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:58.201{3381F800-807D-635A-1601-000000008A02}43401160C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|UNKNOWN(0000000000637177)|UNKNOWN(000000000063BDF9)|UNKNOWN(0000000000636C4C)|UNKNOWN(0000000000631371)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158219Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:58.200{3381F800-807D-635A-1601-000000008A02}43401160C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|UNKNOWN(0000000000637177)|UNKNOWN(000000000063BDF9)|UNKNOWN(0000000000636C4C)|UNKNOWN(0000000000631371)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158218Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:58.200{3381F800-807D-635A-1601-000000008A02}43401160C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|UNKNOWN(0000000000637177)|UNKNOWN(000000000063BDF9)|UNKNOWN(0000000000636C4C)|UNKNOWN(0000000000631371)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158217Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:58.200{3381F800-807D-635A-1601-000000008A02}43401160C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|UNKNOWN(0000000000637177)|UNKNOWN(000000000063BDF9)|UNKNOWN(0000000000636C4C)|UNKNOWN(0000000000631371)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158216Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:58.197{3381F800-807D-635A-1601-000000008A02}43401160C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1410C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|UNKNOWN(0000000000637177)|UNKNOWN(000000000063BDF9)|UNKNOWN(0000000000636C4C)|UNKNOWN(0000000000631371)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158215Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:58.196{3381F800-807D-635A-1601-000000008A02}43401160C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|UNKNOWN(0000000000637177)|UNKNOWN(000000000063BDF9)|UNKNOWN(0000000000636C4C)|UNKNOWN(0000000000631371)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158214Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:58.194{3381F800-807D-635A-1601-000000008A02}43401160C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|UNKNOWN(0000000000637177)|UNKNOWN(000000000063BDF9)|UNKNOWN(0000000000636C4C)|UNKNOWN(0000000000631371)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158209Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:57.790{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158208Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:57.790{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158207Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:57.790{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158206Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:57.790{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158205Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:57.790{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158204Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:57.790{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158203Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:57.790{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158202Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:57.790{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158201Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:57.790{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 734700x8000000000000000158125Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:56.827{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\wbem\fastprox.dll10.0.14393.0 (rs1_release.160715-1616)WMI Custom MarshallerMicrosoft® Windows® Operating SystemMicrosoft Corporationfastprox.dllMD5=FBA861EF9AE6F64CA375EEA558D3149B,SHA256=E7DA765AF081635A814E769967702B4711FC64E785EBA9757FFF4590B5C65A4B,IMPHASH=BEC4D2DC6E5428E09C45B14235429DCFtrueMicrosoft WindowsValid 734700x8000000000000000158124Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:56.827{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\wbem\wbemsvc.dll10.0.14393.0 (rs1_release.160715-1616)WMIMicrosoft® Windows® Operating SystemMicrosoft Corporationwbemsvc.dllMD5=75B865AD79ECEA39F566F4EE82B8EC07,SHA256=2C87DCCB0754D5B3A6C27D56E5F2093F987B91607A30F8B80EBCF055E43A47D5,IMPHASH=C49BA5C02FD2B43AF8015BD8DB280C09trueMicrosoft WindowsValid 734700x8000000000000000158123Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:56.827{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\wbemcomn.dll10.0.14393.4530 (rs1_release.210705-0736)WMIMicrosoft® Windows® Operating SystemMicrosoft Corporationwbemcomn.dllMD5=8AAD6DC39B4736CFF6433DB1830FCFFE,SHA256=6824B185E6B10B6F177B30517654DBE04857834026B301EFCED535654106965C,IMPHASH=8514CF5DB6BF3E4E3C129FB76ABCD096trueMicrosoft WindowsValid 734700x8000000000000000158122Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:56.827{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\wbem\wbemprox.dll10.0.14393.4169 (rs1_release.210107-1130)WMIMicrosoft® Windows® Operating SystemMicrosoft Corporationwbemprox.dllMD5=F14B95C2CD2AC79A48069C95C724EF55,SHA256=9EF2E84DFC50B37D790FA46ABB71AB540D1860B38C8778C092233683FCBDF366,IMPHASH=C93E7CA22B07D6A204D0EDA95C47798DtrueMicrosoft WindowsValid 734700x8000000000000000158121Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:56.827{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\clbcatq.dll2001.12.10941.16384 (rs1_release.210107-1130)COM+ Configuration CatalogMicrosoft® Windows® Operating SystemMicrosoft CorporationCLBCATQ.DLLMD5=A5DBC147158A0FFB44246C9452A1C9E1,SHA256=D7763F384F902F00980FE6A2ED0F254AF0539B66AAABFF64413B0D17606000A9,IMPHASH=CAC6B3339C5CAA083E24A4484EE86E29trueMicrosoft WindowsValid 10341000x8000000000000000158119Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:56.765{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158118Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:56.765{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158117Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:56.765{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158116Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:56.749{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158115Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:56.749{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158114Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:56.749{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158113Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:56.749{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158112Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:56.749{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158111Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:56.749{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 734700x8000000000000000158100Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:56.345{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\ncryptsslp.dll10.0.14393.4583 (rs1_release.210730-1850)Microsoft SChannel ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationncryptsslp.dllMD5=0B5DF00F4D46DB0FFA434546CEE426F9,SHA256=C88B30B1E4A5D446938125279E57DE9466EDAF84CDEAE2528E643482A78C658C,IMPHASH=394BF7D360D6129761B41C91439F6304trueMicrosoft WindowsValid 734700x8000000000000000158046Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:56.137{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\cryptnet.dll10.0.14393.2035 (rs1_release_inmarket.180110-1910)Crypto Network Related APIMicrosoft® Windows® Operating SystemMicrosoft CorporationCRYPTNET.DLLMD5=C33695B9200980F960892E56C521DE3D,SHA256=9E9299C57AC68B7AF1AFF73ABAB0010D44F94C11B3C003BAA19B2AA5D4D5E869,IMPHASH=06076AAA538038E143E92F14E137ABEEtrueMicrosoft WindowsValid 734700x8000000000000000158041Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:56.125{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\gpapi.dll10.0.14393.5356 (rs1_release.220906-1211)Group Policy Client APIMicrosoft® Windows® Operating SystemMicrosoft Corporationgpapi.dllMD5=56505A60B122C44945364ABF9E4021B6,SHA256=3CEEC20BA528DFCAEF92669748DE6B05CEFDF9138B7C2FA7818AAF6AC1B1B7A5,IMPHASH=5936592D8F447B35CDA7921BC4F21773trueMicrosoft WindowsValid 734700x8000000000000000158036Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:56.110{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\wintrust.dll10.0.14393.5427 (rs1_release.220929-2054)Microsoft Trust Verification APIsMicrosoft® Windows® Operating SystemMicrosoft CorporationWINTRUST.DLLMD5=CB1FFD7F3BF7E579277FA7A7DD0B622E,SHA256=7A93D303F8975F098C91CF3923E110AEFE0CEE13B7C0E8A5617966EA2817B107,IMPHASH=9A9F70B5E6DDB8F96A677E91AE1F3A7DtrueMicrosoft WindowsValid 734700x8000000000000000158035Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:56.105{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\dpapi.dll10.0.14393.0 (rs1_release.160715-1616)Data Protection APIMicrosoft® Windows® Operating SystemMicrosoft Corporationdpapi.dllMD5=D204C988115DD69889E3C0172E92BCFF,SHA256=3F3ED7720F970CA1704BF5215C574ED9FF19778C57E2D484180DA2D8361B130D,IMPHASH=A94EA6AB4F1FEFA4841A51D10CA7A9F3trueMicrosoft WindowsValid 734700x8000000000000000158034Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:56.099{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\ntasn1.dll10.0.14393.0 (rs1_release.160715-1616)Microsoft ASN.1 APIMicrosoft® Windows® Operating SystemMicrosoft Corporationntasn1.dllMD5=CDA0441BE02BB525B159B3949D9DC67D,SHA256=4977F6560E6B355299CB160CBFA411E0EDA83558AE15E8E323CD5BA02351C6CA,IMPHASH=E36ED0B691E982CA503FA97C60EB70DCtrueMicrosoft WindowsValid 734700x8000000000000000158033Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:56.087{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\ncrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows NCrypt RouterMicrosoft® Windows® Operating SystemMicrosoft Corporationncrypt.dllMD5=A9005C06D4F367BF4B8C6FB9C4B42AE7,SHA256=0539649D648911F05F93B06C2A1F9827C9BDBED1928A932223DB12A3FFB83919,IMPHASH=D881C1D9FE5992A8813DE38FDD7EC834trueMicrosoft WindowsValid 734700x8000000000000000158032Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:56.079{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\mskeyprotect.dll10.0.14393.4046 (rs1_release.201028-1803)Microsoft Key Protection ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationmskeyprotect.dllMD5=D9702DF4C37BE14869F2645CA77D0561,SHA256=056156B54F6468B454F324F20B3FB332F06B28120331BD86168BC2666385B339,IMPHASH=09594C419D3EB9247FD709D6AF3EF70AtrueMicrosoft WindowsValid 734700x8000000000000000158020Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:55.870{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\schannel.dll10.0.14393.5427 (rs1_release.220929-2054)TLS / SSL Security ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationschannel.dllMD5=D2BB47B8350DC6EC3C21C5D853B6761B,SHA256=AF9CF2B9AC6DCE03EAA11C8711037D581C62221763A3F290A39F60C712C755D1,IMPHASH=061DA7FDF8C2ECD3424EDB3AC7922779trueMicrosoft WindowsValid 10341000x8000000000000000158011Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:55.737{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158010Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:55.737{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158009Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:55.737{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158008Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:55.737{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158007Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:55.737{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158006Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:55.737{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158005Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:55.737{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158004Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:55.737{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000158003Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:55.737{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157947Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:54.725{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157946Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:54.725{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157945Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:54.725{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157944Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:54.725{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157943Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:54.725{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157942Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:54.725{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157941Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:54.725{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157940Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:54.725{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157939Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:54.725{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157880Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:53.707{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157879Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:53.707{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157878Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:53.707{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157877Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:53.707{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157876Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:53.707{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157875Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:53.707{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157874Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:53.707{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157873Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:53.707{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157872Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:53.707{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157814Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:52.677{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157813Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:52.677{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157812Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:52.677{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157811Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:52.677{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157810Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:52.677{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157809Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:52.677{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157808Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:52.677{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157807Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:52.677{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157806Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:52.677{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157750Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:51.663{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157749Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:51.647{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157748Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:51.647{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157747Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:51.647{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157746Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:51.647{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157745Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:51.647{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157744Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:51.647{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157743Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:51.647{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157742Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:51.647{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157684Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:50.634{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157683Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:50.634{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157682Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:50.634{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157681Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:50.634{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157680Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:50.634{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157679Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:50.634{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157678Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:50.634{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157677Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:50.634{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157676Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:50.634{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157617Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:49.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157616Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:49.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157615Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:49.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157614Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:49.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157613Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:49.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157612Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:49.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157611Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:49.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157610Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:49.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157609Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:49.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157551Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:48.592{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157550Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:48.592{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157549Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:48.592{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157548Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:48.592{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157547Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:48.592{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157546Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:48.592{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157545Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:48.592{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157544Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:48.592{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157543Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:48.592{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157485Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:47.571{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157484Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:47.571{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157483Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:47.571{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157482Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:47.571{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157481Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:47.571{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157480Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:47.571{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157479Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:47.571{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157478Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:47.571{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157477Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:47.571{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157419Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:46.553{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157418Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:46.553{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157417Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:46.553{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157416Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:46.553{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157415Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:46.553{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157414Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:46.553{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157413Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:46.553{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157412Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:46.553{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157411Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:46.553{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157353Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:45.541{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157352Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:45.541{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157351Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:45.541{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157350Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:45.541{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157349Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:45.525{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157348Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:45.525{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157347Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:45.525{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157346Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:45.525{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157345Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:45.525{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157287Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:44.504{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157286Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:44.504{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157285Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:44.504{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157284Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:44.504{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157283Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:44.504{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157282Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:44.504{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157281Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:44.504{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157280Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:44.504{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157279Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:44.504{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157223Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:43.497{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157222Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:43.482{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157221Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:43.482{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157220Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:43.482{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157219Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:43.482{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157218Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:43.482{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157217Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:43.482{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157216Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:43.482{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157215Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:43.482{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157156Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:42.464{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157155Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:42.464{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157154Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:42.464{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157153Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:42.464{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157152Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:42.464{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157151Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:42.464{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157150Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:42.464{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157149Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:42.464{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157148Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:42.464{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157089Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:41.443{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157088Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:41.443{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157087Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:41.443{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157086Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:41.443{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157085Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:41.443{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157084Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:41.443{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157083Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:41.443{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157082Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:41.443{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157081Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:41.443{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157023Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:40.430{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157022Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:40.430{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157021Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:40.430{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157020Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:40.430{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157019Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:40.430{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157018Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:40.430{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157017Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:40.430{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157016Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:40.430{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000157015Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:40.430{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156959Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:39.415{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156958Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:39.415{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156957Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:39.415{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156956Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:39.415{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156955Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:39.415{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156954Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:39.415{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156953Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:39.415{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156952Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:39.415{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156951Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:39.415{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156870Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:38.393{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156869Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:38.393{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156868Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:38.393{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156867Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:38.393{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156866Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:38.393{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156865Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:38.393{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156864Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:38.393{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156863Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:38.393{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156862Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:38.393{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156803Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:37.377{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156802Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:37.361{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156801Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:37.361{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156800Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:37.361{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156799Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:37.361{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156798Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:37.361{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156797Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:37.361{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156796Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:37.361{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156795Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:37.361{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156728Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:36.344{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156727Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:36.341{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156726Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:36.341{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156725Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:36.341{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156724Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:36.341{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156723Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:36.341{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156722Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:36.340{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156721Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:36.340{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156720Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:36.339{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156643Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:35.321{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156642Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:35.321{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156641Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:35.321{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156640Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:35.321{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156639Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:35.321{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156638Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:35.321{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156637Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:35.321{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156636Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:35.321{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156635Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:35.321{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156574Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:34.307{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156573Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:34.291{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156572Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:34.291{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156571Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:34.291{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156570Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:34.291{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156569Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:34.291{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156568Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:34.291{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156567Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:34.291{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156566Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:34.291{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156508Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:33.268{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156507Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:33.268{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156506Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:33.268{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156505Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:33.268{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156504Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:33.268{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156503Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:33.268{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156502Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:33.268{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156501Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:33.268{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156500Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:33.268{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156439Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:32.254{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156438Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:32.254{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156437Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:32.254{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156436Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:32.254{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156435Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:32.254{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156434Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:32.254{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156433Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:32.254{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156432Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:32.254{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156431Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:32.254{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156370Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:31.239{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156369Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:31.239{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156368Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:31.239{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156367Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:31.239{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156366Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:31.239{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156365Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:31.239{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156364Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:31.239{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156363Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:31.239{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156362Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:31.239{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156297Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:30.220{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156296Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:30.220{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156295Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:30.220{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156294Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:30.220{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156293Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:30.220{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156292Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:30.220{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156291Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:30.220{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156290Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:30.220{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156284Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:30.220{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156177Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:29.210{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156176Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:29.209{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156175Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:29.209{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156174Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:29.209{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156173Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:29.209{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156172Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:29.208{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156171Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:29.208{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156170Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:29.207{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156169Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:29.207{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156106Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:28.186{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156105Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:28.186{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156104Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:28.186{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156103Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:28.186{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156102Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:28.186{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156101Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:28.186{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156100Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:28.186{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156099Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:28.186{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156098Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:28.186{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156040Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:27.170{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156039Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:27.170{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156038Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:27.170{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156037Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:27.170{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156036Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:27.155{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156035Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:27.155{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156034Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:27.155{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156033Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:27.155{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000156032Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:27.155{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155973Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:26.136{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155972Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:26.136{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155971Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:26.136{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155970Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:26.136{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155969Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:26.136{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155968Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:26.136{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155967Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:26.136{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155966Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:26.136{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155965Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:26.136{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155907Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:25.113{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155906Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:25.113{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155905Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:25.113{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155904Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:25.113{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155903Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:25.113{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155902Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:25.113{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155901Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:25.113{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155900Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:25.113{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155899Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:25.113{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155841Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:24.099{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155840Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:24.099{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155839Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:24.099{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155838Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:24.099{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155837Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:24.099{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155836Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:24.099{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155835Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:24.099{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155834Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:24.099{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155833Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:24.099{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155775Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:23.072{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155774Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:23.072{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155773Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:23.072{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155772Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:23.072{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155771Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:23.072{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155770Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:23.072{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155769Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:23.072{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155768Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:23.072{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155767Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:23.072{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155708Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:22.048{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155707Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:22.048{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155706Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:22.048{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155705Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:22.048{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155704Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:22.048{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155703Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:22.048{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155702Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:22.048{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155701Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:22.048{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155700Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:22.048{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155641Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:21.026{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155640Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:21.026{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155639Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:21.026{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155638Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:21.026{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155637Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:21.026{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155636Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:21.026{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155635Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:21.026{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155634Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:21.026{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155633Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:21.026{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155573Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:20.013{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155572Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:20.013{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155571Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:20.013{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155570Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:20.013{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155569Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:20.013{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155568Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:20.013{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155567Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:20.013{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155566Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:20.013{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155565Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:20.013{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155435Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:19.010{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155434Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:18.995{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155433Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:18.995{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155432Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:18.995{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155431Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:18.995{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155430Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:18.995{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155429Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:18.995{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155428Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:18.995{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155427Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:18.995{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155359Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:17.973{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155358Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:17.973{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155357Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:17.973{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155356Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:17.973{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155355Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:17.973{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155354Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:17.973{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155353Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:17.973{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155352Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:17.973{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155351Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:17.973{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155241Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:16.962{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155237Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:16.962{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155236Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:16.962{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155235Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:16.962{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155234Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:16.962{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155233Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:16.962{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155231Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:16.962{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155230Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:16.962{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155229Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:16.962{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155096Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:15.943{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155094Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:15.941{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155093Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:15.941{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155092Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:15.940{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155091Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:15.937{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155090Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:15.936{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155089Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:15.935{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155088Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:15.934{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000155087Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:15.933{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154974Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:14.900{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154973Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:14.900{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154972Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:14.900{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154971Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:14.900{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154970Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:14.900{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154969Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:14.900{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154968Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:14.900{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154967Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:14.900{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154966Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:14.900{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154846Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:13.880{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154845Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:13.880{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154844Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:13.880{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154843Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:13.880{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154842Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:13.880{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154841Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:13.880{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154840Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:13.880{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154839Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:13.880{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154838Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:13.880{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154714Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:12.855{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154713Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:12.855{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154712Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:12.855{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154711Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:12.855{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154710Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:12.855{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154709Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:12.855{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154708Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:12.855{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154707Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:12.855{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154706Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:12.855{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154592Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:11.840{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154591Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:11.840{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154590Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:11.840{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154589Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:11.840{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154588Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:11.840{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154587Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:11.840{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154586Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:11.840{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154585Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:11.840{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154584Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:11.840{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154526Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:10.813{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154525Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:10.813{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154524Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:10.813{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154523Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:10.813{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154522Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:10.813{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154521Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:10.813{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154520Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:10.813{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154519Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:10.813{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154518Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:10.813{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154461Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:09.809{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154460Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:09.807{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154459Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:09.806{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154458Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:09.806{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154457Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:09.806{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154456Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:09.804{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154455Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:09.804{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154454Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:09.803{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154451Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:09.803{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154393Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:08.775{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154392Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:08.775{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154391Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:08.775{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154390Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:08.775{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154389Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:08.775{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154388Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:08.775{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154387Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:08.775{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154386Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:08.775{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154385Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:08.761{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154326Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:07.752{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154325Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:07.752{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154324Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:07.752{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154323Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:07.752{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154322Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:07.752{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154321Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:07.752{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154320Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:07.752{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154319Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:07.752{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154318Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:07.752{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154260Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:06.733{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154259Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:06.733{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154258Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:06.733{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154257Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:06.733{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154256Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:06.733{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154255Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:06.733{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154254Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:06.733{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154253Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:06.733{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154252Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:06.733{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154194Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:05.724{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154193Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:05.724{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154192Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:05.724{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154191Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:05.724{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154190Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:05.724{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154189Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:05.724{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154188Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:05.708{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154187Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:05.708{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154186Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:05.708{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154129Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:04.702{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154128Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:04.699{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154127Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:04.698{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154126Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:04.698{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154125Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:04.697{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154124Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:04.696{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154121Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:04.693{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154120Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:04.690{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154119Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:04.689{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154061Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:03.676{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154060Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:03.671{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154059Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:03.670{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154058Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:03.663{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154057Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:03.644{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154056Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:03.644{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154055Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:03.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154054Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:03.642{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000154053Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:03.642{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153995Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:02.614{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153994Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:02.614{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153993Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:02.614{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153992Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:02.614{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153991Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:02.614{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153990Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:02.614{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153989Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:02.614{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153988Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:02.614{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153987Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:02.614{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153929Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:01.585{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153928Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:01.585{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153927Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:01.585{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153926Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:01.585{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153925Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:01.585{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153924Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:01.585{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153923Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:01.585{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153922Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:01.585{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153921Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:01.585{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153860Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:00.569{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153859Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:00.569{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153858Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:00.569{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153857Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:00.569{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153856Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:00.569{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153855Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:00.569{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153854Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:00.569{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153853Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:00.569{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153852Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:14:00.569{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153794Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:59.564{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153793Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:59.564{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153792Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:59.546{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153791Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:59.546{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153790Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:59.546{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153789Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:59.546{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153788Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:59.546{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153787Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:59.546{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153786Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:59.530{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153707Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:58.506{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153706Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:58.506{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153705Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:58.506{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153704Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:58.506{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153703Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:58.506{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153702Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:58.506{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153701Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:58.491{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153700Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:58.491{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153699Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:58.491{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153639Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:57.483{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153638Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:57.482{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153637Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:57.482{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153636Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:57.482{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153635Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:57.482{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153634Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:57.481{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153633Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:57.481{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153632Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:57.480{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153631Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:57.480{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153565Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:56.472{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153564Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:56.471{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153563Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:56.471{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153562Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:56.470{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153561Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:56.467{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153560Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:56.464{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153559Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:56.464{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153558Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:56.463{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153557Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:56.454{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153483Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:55.426{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153482Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:55.426{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153481Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:55.426{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153480Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:55.426{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153479Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:55.426{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153478Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:55.426{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153477Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:55.426{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153476Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:55.426{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153475Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:55.426{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153415Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:54.411{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153414Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:54.411{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153413Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:54.411{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153412Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:54.411{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153411Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:54.411{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153410Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:54.411{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153409Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:54.411{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153408Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:54.411{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153407Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:54.411{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153348Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:53.387{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153347Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:53.387{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153346Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:53.387{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153345Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:53.387{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153344Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:53.387{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153343Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:53.387{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153342Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:53.387{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153341Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:53.387{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153340Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:53.387{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153282Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:52.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153281Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:52.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153280Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:52.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153279Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:52.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153278Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:52.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153277Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:52.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153276Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:52.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153275Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:52.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153274Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:52.374{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153220Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:51.347{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153219Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:51.347{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153218Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:51.347{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153217Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:51.347{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153216Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:51.347{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153215Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:51.347{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153214Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:51.347{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153213Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:51.347{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153212Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:51.347{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153154Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:50.323{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153153Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:50.323{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153152Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:50.323{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153151Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:50.323{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153150Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:50.323{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153149Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:50.323{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153148Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:50.323{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153147Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:50.323{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153146Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:50.323{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153088Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:49.296{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153087Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:49.296{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153086Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:49.296{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153085Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:49.296{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153084Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:49.296{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153083Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:49.296{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153082Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:49.296{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153081Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:49.296{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153080Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:49.296{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153021Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:48.294{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153020Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:48.278{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153019Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:48.278{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153018Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:48.278{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153017Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:48.278{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153016Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:48.278{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153015Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:48.278{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153014Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:48.278{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000153013Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:48.278{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152955Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:47.261{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152954Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:47.260{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152953Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:47.260{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152952Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:47.260{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152951Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:47.244{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152950Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:47.244{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152949Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:47.244{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152948Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:47.244{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152947Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:47.244{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152889Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:46.242{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152888Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:46.226{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152887Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:46.226{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152886Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:46.226{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152885Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:46.226{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152884Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:46.226{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152883Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:46.226{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152882Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:46.226{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152881Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:46.226{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152823Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:45.214{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152822Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:45.214{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152821Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:45.214{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152820Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:45.214{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152819Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:45.214{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152818Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:45.214{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152817Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:45.214{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152816Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:45.214{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152815Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:45.214{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152759Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:44.207{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152758Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:44.207{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152757Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:44.207{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152756Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:44.207{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152755Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:44.191{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152754Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:44.191{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152753Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:44.191{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152752Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:44.191{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152751Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:44.191{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152694Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:43.177{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152693Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:43.161{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152692Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:43.161{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152691Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:43.161{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152690Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:43.161{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152689Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:43.161{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152688Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:43.161{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152687Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:43.161{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152686Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:43.161{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152630Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:42.153{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152629Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:42.153{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152628Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:42.153{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152627Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:42.153{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152626Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:42.153{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152625Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:42.153{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152624Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:42.153{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152623Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:42.153{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152622Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:42.153{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152510Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:41.123{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152509Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:41.123{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152508Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:41.123{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152507Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:41.123{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152506Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:41.123{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152505Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:41.123{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152504Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:41.123{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152503Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:41.123{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152502Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:41.123{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152444Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:40.104{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152443Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:40.104{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152442Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:40.104{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152441Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:40.104{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152440Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:40.104{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152439Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:40.104{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152438Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:40.104{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152437Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:40.104{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152436Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:40.089{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152359Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:39.067{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152358Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:39.067{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152357Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:39.067{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152356Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:39.067{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152355Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:39.067{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152354Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:39.067{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152353Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:39.067{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152352Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:39.067{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152351Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:39.067{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152292Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:38.038{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152291Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:38.038{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152290Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:38.038{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152289Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:38.038{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152288Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:38.038{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152287Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:38.038{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152286Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:38.038{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152285Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:38.038{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152284Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:38.038{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152225Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:37.022{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152224Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:37.022{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152223Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:37.022{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152222Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:37.022{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152221Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:37.006{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152220Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:37.006{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152219Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:37.006{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152218Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:37.006{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152217Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:37.006{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152141Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:35.999{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152140Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:35.997{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152139Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:35.997{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152138Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:35.997{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152137Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:35.996{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152136Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:35.996{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152135Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:35.995{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152134Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:35.995{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152133Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:35.994{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152067Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:34.972{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152066Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:34.972{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152065Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:34.972{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152064Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:34.972{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152063Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:34.972{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152062Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:34.972{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152061Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:34.972{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152060Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:34.972{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152059Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:34.972{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000152000Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:33.954{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151999Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:33.954{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151998Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:33.954{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151997Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:33.954{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151996Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:33.954{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151995Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:33.954{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151994Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:33.954{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151993Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:33.954{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151992Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:33.954{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151931Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:32.932{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151930Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:32.932{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151929Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:32.932{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151928Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:32.932{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151927Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:32.932{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151926Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:32.932{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151925Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:32.932{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151924Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:32.932{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151923Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:32.932{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151864Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:31.918{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151863Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:31.918{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151862Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:31.918{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151861Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:31.918{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151860Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:31.918{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151859Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:31.918{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151858Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:31.918{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151857Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:31.918{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151856Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:31.902{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151798Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:30.889{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151797Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:30.889{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151796Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:30.889{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151795Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:30.889{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151794Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:30.889{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151793Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:30.889{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151792Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:30.889{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151791Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:30.889{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151790Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:30.889{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151732Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:29.878{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151731Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:29.878{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151730Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:29.878{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151729Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:29.878{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151728Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:29.862{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151727Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:29.862{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151726Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:29.862{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151725Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:29.862{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151724Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:29.862{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151666Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:28.844{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151665Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:28.844{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151664Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:28.844{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151663Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:28.844{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151662Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:28.844{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151661Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:28.844{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151660Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:28.844{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151659Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:28.844{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151658Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:28.844{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151569Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:27.818{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151568Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:27.818{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151567Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:27.818{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151566Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:27.818{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151565Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:27.818{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151564Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:27.818{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151563Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:27.818{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151562Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:27.818{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151561Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:27.818{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151502Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:26.810{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151501Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:26.810{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151500Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:26.810{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151499Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:26.810{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151498Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:26.810{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151497Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:26.810{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151496Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:26.810{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151495Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:26.810{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151494Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:26.794{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151436Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:25.769{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151435Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:25.769{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151434Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:25.769{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151433Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:25.769{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151432Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:25.769{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151431Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:25.769{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151430Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:25.769{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151429Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:25.769{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151428Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:25.769{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151370Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:24.748{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151369Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:24.748{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151368Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:24.748{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151367Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:24.748{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151366Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:24.748{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151365Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:24.748{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151364Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:24.732{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151363Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:24.732{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151362Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:24.732{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151306Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:23.719{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151305Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:23.719{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151304Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:23.719{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151303Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:23.719{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151302Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:23.719{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151301Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:23.719{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151300Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:23.719{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151299Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:23.719{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151298Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:23.719{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151240Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:22.717{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151239Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:22.702{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151238Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:22.702{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151237Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:22.702{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151236Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:22.702{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151235Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:22.702{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151234Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:22.702{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151233Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:22.702{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151232Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:22.702{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151172Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:21.684{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151171Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:21.684{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151170Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:21.684{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151169Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:21.684{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151168Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:21.684{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151167Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:21.684{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151166Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:21.684{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151165Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:21.684{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151164Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:21.684{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151106Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:20.673{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151105Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:20.657{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151104Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:20.657{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151103Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:20.657{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151102Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:20.657{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151101Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:20.657{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151100Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:20.657{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151099Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:20.657{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151098Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:20.657{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151036Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:19.641{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151035Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:19.641{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151034Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:19.641{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151033Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:19.641{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151032Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:19.641{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151031Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:19.641{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151030Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:19.641{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151029Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:19.641{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000151028Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:19.641{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000150897Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:18.625{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000150896Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:18.625{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000150895Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:18.625{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000150894Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:18.625{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000150893Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:18.625{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000150892Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:18.625{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000150891Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:18.625{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000150890Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:18.610{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000150889Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:18.610{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000150818Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:17.597{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000150817Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:17.582{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000150816Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:17.582{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000150815Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:17.582{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000150814Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:17.582{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000150813Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:17.582{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000150812Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:17.582{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000150811Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:17.582{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000150810Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:17.582{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000150649Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:16.573{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000150648Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:16.557{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000150647Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:16.557{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000150646Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:16.557{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000150645Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:16.557{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000150644Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:16.557{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000150643Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:16.557{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000150642Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:16.557{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000150641Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:16.557{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000150503Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:15.531{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000150502Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:15.531{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000150501Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:15.531{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000150500Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:15.531{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000150499Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:15.531{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000150498Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:15.531{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000150497Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:15.531{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000150496Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:15.531{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000150495Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:15.531{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000150439Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:14.503{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000150438Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:14.503{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000150437Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:14.503{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000150436Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:14.503{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000150435Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:14.503{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000150434Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:14.503{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000150433Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:14.503{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000150432Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:14.503{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000150431Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:14.503{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000150318Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:13.499{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000150317Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:13.499{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000150316Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:13.499{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000150315Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:13.499{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000150314Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:13.499{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000150313Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:13.499{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000150312Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:13.499{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000150311Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:13.483{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000150310Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:13.483{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000150186Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:12.470{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000150185Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:12.470{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000150184Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:12.470{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000150183Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:12.470{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000150182Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:12.470{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000150181Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:12.470{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000150180Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:12.470{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000150179Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:12.470{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000150178Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:12.470{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000150067Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:11.431{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000150066Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:11.431{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000150065Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:11.431{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000150064Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:11.431{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000150063Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:11.431{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000150062Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:11.431{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000150061Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:11.431{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000150060Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:11.431{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000150059Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:11.431{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000150003Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:10.416{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000150002Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:10.416{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000150001Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:10.416{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000150000Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:10.416{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149999Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:10.416{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149998Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:10.416{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149997Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:10.416{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149996Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:10.416{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149995Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:10.416{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149936Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:09.396{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149935Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:09.396{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149934Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:09.396{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149933Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:09.396{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149932Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:09.396{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149931Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:09.396{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149930Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:09.396{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149929Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:09.396{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149928Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:09.396{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149868Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:08.370{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149867Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:08.354{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149866Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:08.354{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149865Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:08.354{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149864Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:08.354{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149863Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:08.354{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149862Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:08.354{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149861Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:08.354{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149860Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:08.354{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149805Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:07.330{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149804Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:07.330{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149803Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:07.330{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149802Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:07.330{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149801Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:07.330{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149800Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:07.330{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149799Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:07.330{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149798Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:07.330{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149797Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:07.330{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149739Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:06.308{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149738Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:06.308{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149737Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:06.308{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149736Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:06.308{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149735Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:06.308{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149734Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:06.308{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149733Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:06.308{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149732Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:06.308{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149731Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:06.308{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149673Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:05.302{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149672Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:05.302{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149671Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:05.302{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149670Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:05.302{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149669Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:05.302{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149668Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:05.286{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149667Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:05.286{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149666Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:05.286{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149665Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:05.286{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149606Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:04.262{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149605Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:04.262{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149604Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:04.262{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149603Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:04.262{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149602Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:04.262{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149601Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:04.262{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149600Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:04.262{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149599Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:04.262{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149598Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:04.262{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149540Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:03.251{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149539Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:03.251{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149538Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:03.251{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149537Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:03.251{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149536Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:03.251{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149535Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:03.251{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149534Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:03.251{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149533Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:03.251{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149532Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:03.251{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149474Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:02.238{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149473Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:02.238{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149472Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:02.238{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149471Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:02.238{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149470Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:02.238{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149469Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:02.238{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149468Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:02.238{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149467Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:02.238{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149466Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:02.238{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149408Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:01.227{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149407Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:01.227{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149406Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:01.227{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149405Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:01.227{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149404Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:01.227{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149403Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:01.227{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149402Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:01.227{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149401Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:01.227{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149400Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:01.227{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149342Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:00.211{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149341Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:00.211{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149340Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:00.211{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149339Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:00.211{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149338Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:00.211{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149337Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:00.211{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149336Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:00.211{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149335Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:00.211{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149334Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:13:00.211{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149268Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:59.205{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149267Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:59.203{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149266Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:59.203{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149265Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:59.203{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149264Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:59.203{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149263Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:59.202{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149262Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:59.202{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149261Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:59.202{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149260Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:59.201{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149188Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:58.181{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149187Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:58.181{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149186Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:58.181{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149185Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:58.181{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149184Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:58.181{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149183Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:58.181{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149182Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:58.181{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149181Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:58.181{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149180Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:58.181{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149124Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:57.163{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149123Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:57.163{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149122Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:57.163{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149121Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:57.163{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149120Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:57.163{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149119Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:57.163{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149118Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:57.163{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149117Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:57.163{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149116Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:57.163{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149048Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:56.152{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149047Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:56.151{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149046Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:56.148{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149045Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:56.147{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149044Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:56.144{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149043Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:56.144{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149042Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:56.143{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149041Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:56.141{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000149040Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:56.137{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148966Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:55.120{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148965Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:55.104{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148964Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:55.104{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148963Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:55.104{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148962Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:55.104{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148961Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:55.104{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148960Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:55.104{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148959Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:55.104{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148958Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:55.104{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148900Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:54.085{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148899Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:54.085{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148898Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:54.085{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148897Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:54.085{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148896Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:54.085{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148895Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:54.085{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148894Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:54.085{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148893Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:54.085{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148892Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:54.085{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148835Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:53.081{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148834Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:53.065{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148833Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:53.065{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148832Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:53.065{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148831Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:53.065{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148830Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:53.065{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148829Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:53.065{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148828Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:53.065{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148827Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:53.065{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148769Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:52.060{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148768Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:52.044{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148767Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:52.044{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148766Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:52.044{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148765Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:52.044{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148764Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:52.044{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148763Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:52.044{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148762Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:52.044{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148761Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:52.044{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148703Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:51.025{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148702Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:51.025{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148701Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:51.025{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148700Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:51.025{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148699Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:51.025{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148698Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:51.025{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148697Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:51.025{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148696Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:51.025{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148695Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:51.025{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148637Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:50.007{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148636Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:50.007{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148635Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:50.007{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148634Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:50.007{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148633Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:50.007{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148632Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:50.007{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148631Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:50.007{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148630Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:50.007{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148629Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:50.007{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148571Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:48.989{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148570Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:48.989{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148569Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:48.989{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148568Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:48.989{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148567Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:48.989{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148566Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:48.974{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148565Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:48.974{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148564Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:48.974{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148563Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:48.974{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148505Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:47.959{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148504Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:47.959{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148503Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:47.959{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148502Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:47.959{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148501Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:47.959{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148500Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:47.959{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148499Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:47.959{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148498Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:47.959{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148497Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:47.959{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148438Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:46.934{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148437Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:46.934{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148436Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:46.934{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148435Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:46.934{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148434Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:46.934{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148433Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:46.934{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148432Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:46.934{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148431Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:46.934{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148430Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:46.934{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148372Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:45.921{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148371Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:45.921{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148370Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:45.921{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148369Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:45.921{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148368Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:45.921{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148367Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:45.921{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148366Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:45.921{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148365Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:45.921{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148364Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:45.921{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148308Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:44.902{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148307Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:44.902{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148306Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:44.902{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148305Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:44.902{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148304Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:44.902{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148303Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:44.902{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148302Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:44.902{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148301Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:44.902{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148300Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:44.902{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148244Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:43.894{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148243Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:43.894{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148242Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:43.894{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148241Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:43.894{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148240Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:43.894{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148239Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:43.878{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148238Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:43.878{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148237Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:43.878{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148236Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:43.878{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148178Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:42.861{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148177Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:42.861{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148176Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:42.861{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148175Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:42.861{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148174Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:42.861{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148173Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:42.861{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148172Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:42.861{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148171Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:42.861{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148170Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:42.861{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148109Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:41.843{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148108Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:41.843{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148107Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:41.843{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148106Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:41.843{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148105Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:41.843{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148104Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:41.843{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148103Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:41.843{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148102Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:41.828{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000148101Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:41.828{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147989Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:40.810{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147988Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:40.810{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147987Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:40.810{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147986Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:40.810{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147985Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:40.810{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147984Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:40.810{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147983Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:40.810{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147982Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:40.810{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147981Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:40.810{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147923Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:39.787{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147922Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:39.787{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147921Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:39.787{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147920Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:39.787{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147919Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:39.787{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147918Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:39.787{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147917Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:39.787{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147916Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:39.787{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147915Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:39.787{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147838Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:38.767{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147837Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:38.767{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147836Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:38.767{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147835Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:38.767{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147834Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:38.767{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147833Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:38.767{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147832Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:38.767{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147831Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:38.767{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147830Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:38.767{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147769Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:37.752{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147768Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:37.752{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147767Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:37.752{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147766Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:37.752{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147765Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:37.752{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147764Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:37.752{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147763Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:37.752{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147762Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:37.752{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147761Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:37.752{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147703Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:36.724{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147702Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:36.724{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147701Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:36.724{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147700Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:36.724{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147699Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:36.724{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147698Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:36.724{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147697Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:36.724{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147696Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:36.724{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147695Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:36.724{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147610Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:35.709{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147609Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:35.709{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147608Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:35.709{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147607Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:35.709{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147606Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:35.709{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147605Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:35.709{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147604Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:35.709{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147603Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:35.709{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147602Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:35.709{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147544Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:34.690{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147543Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:34.690{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147542Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:34.690{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147541Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:34.690{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147540Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:34.690{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147539Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:34.690{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147538Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:34.690{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147537Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:34.690{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147536Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:34.690{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147478Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:33.677{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147477Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:33.661{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147476Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:33.661{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147475Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:33.661{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147474Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:33.661{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147473Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:33.661{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147472Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:33.661{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147471Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:33.661{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147470Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:33.661{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147412Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:32.644{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147411Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:32.644{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147410Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:32.644{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147409Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:32.644{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147408Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:32.644{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147407Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:32.644{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147406Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:32.644{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147405Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:32.644{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147404Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:32.644{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147347Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:31.617{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147346Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:31.617{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147345Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:31.617{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147344Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:31.617{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147343Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:31.617{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147342Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:31.617{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147341Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:31.617{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147340Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:31.617{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147339Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:31.617{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147279Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:30.615{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147278Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:30.599{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147277Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:30.599{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147276Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:30.599{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147275Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:30.599{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147274Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:30.599{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147273Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:30.599{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147272Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:30.599{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147271Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:30.599{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147213Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:29.580{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147212Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:29.580{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147211Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:29.580{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147210Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:29.580{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147209Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:29.580{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147208Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:29.580{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147207Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:29.580{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147206Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:29.580{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147205Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:29.580{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147147Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:28.543{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147146Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:28.543{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147145Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:28.543{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147144Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:28.543{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147143Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:28.543{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147142Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:28.543{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147141Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:28.543{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147140Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:28.543{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147139Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:28.543{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147081Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:27.519{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147080Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:27.519{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147079Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:27.519{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147078Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:27.519{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147077Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:27.519{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147076Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:27.519{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147075Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:27.519{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147074Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:27.519{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147073Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:27.519{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147014Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:26.492{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147013Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:26.492{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147012Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:26.492{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147011Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:26.492{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147010Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:26.492{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147009Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:26.492{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147008Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:26.492{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147007Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:26.492{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000147006Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:26.492{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146948Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:25.480{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146947Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:25.480{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146946Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:25.480{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146945Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:25.480{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146944Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:25.480{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146943Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:25.480{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146942Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:25.480{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146941Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:25.480{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146940Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:25.480{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146882Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:24.450{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146881Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:24.450{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146880Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:24.450{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146879Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:24.450{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146878Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:24.450{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146877Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:24.450{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146876Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:24.450{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146875Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:24.450{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146874Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:24.450{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146816Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:23.428{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146815Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:23.428{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146814Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:23.428{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146813Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:23.428{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146812Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:23.428{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146811Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:23.428{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146810Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:23.428{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146809Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:23.428{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146808Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:23.428{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146749Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:22.405{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146748Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:22.405{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146747Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:22.405{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146746Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:22.405{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146745Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:22.405{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146744Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:22.405{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146743Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:22.405{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146742Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:22.405{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146741Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:22.405{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146683Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:21.386{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146682Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:21.386{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146681Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:21.386{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146680Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:21.386{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146679Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:21.386{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146678Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:21.386{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146677Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:21.386{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146676Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:21.386{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146675Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:21.386{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146615Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:20.381{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146614Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:20.380{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146613Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:20.379{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146612Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:20.379{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146611Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:20.378{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146610Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:20.378{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146609Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:20.377{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146608Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:20.377{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146607Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:20.376{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146495Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:19.362{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146494Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:19.362{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146493Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:19.362{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146492Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:19.362{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146491Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:19.362{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146490Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:19.362{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146489Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:19.362{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146488Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:19.361{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146487Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:19.359{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146407Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:18.327{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146406Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:18.323{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146405Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:18.323{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146404Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:18.323{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146403Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:18.322{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146402Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:18.322{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146401Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:18.320{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146400Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:18.319{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146399Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:18.314{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146321Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:17.303{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146320Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:17.301{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146319Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:17.301{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146318Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:17.300{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146317Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:17.299{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146316Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:17.299{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146315Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:17.298{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146314Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:17.298{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146313Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:17.296{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146146Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:16.273{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146145Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:16.270{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146144Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:16.270{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146143Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:16.269{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146142Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:16.268{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146141Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:16.267{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146140Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:16.266{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146139Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:16.265{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000146138Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:16.263{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145999Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:15.231{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145998Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:15.231{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145997Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:15.231{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145996Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:15.231{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145995Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:15.231{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145994Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:15.231{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145993Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:15.231{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145992Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:15.231{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145991Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:15.231{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145922Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:14.213{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145921Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:14.209{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145920Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:14.209{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145919Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:14.209{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145918Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:14.204{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145917Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:14.204{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145916Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:14.201{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145915Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:14.198{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145914Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:14.195{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145751Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:13.175{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145750Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:13.173{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145749Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:13.173{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145748Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:13.173{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145747Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:13.172{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145746Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:13.172{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145745Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:13.172{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145744Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:13.170{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145743Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:13.169{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145632Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:12.154{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145631Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:12.153{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145630Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:12.152{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145629Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:12.152{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145628Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:12.151{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145627Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:12.151{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145626Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:12.151{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145625Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:12.151{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145624Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:12.150{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145561Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:11.131{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145560Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:11.131{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145559Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:11.131{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145558Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:11.131{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145557Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:11.131{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145556Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:11.131{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145555Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:11.131{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145554Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:11.131{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145553Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:11.115{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145498Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:10.090{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145497Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:10.090{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145496Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:10.090{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145495Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:10.090{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145494Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:10.090{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145493Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:10.090{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145492Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:10.090{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145491Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:10.090{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145490Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:10.090{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145432Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:09.083{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145431Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:09.082{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145430Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:09.080{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145429Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:09.080{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145428Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:09.079{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145427Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:09.079{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145426Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:09.078{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145425Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:09.078{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145424Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:09.077{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145365Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:08.054{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145364Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:08.051{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145363Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:08.051{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145362Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:08.049{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145361Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:08.048{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145360Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:08.047{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145359Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:08.044{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145358Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:08.044{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145357Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:08.043{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145299Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:07.030{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145298Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:07.029{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145297Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:07.029{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145296Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:07.028{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145295Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:07.028{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145294Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:07.027{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145293Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:07.027{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145292Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:07.027{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145291Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:07.026{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145233Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:06.013{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145232Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:06.012{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145231Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:06.012{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145230Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:06.011{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145229Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:06.011{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145228Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:06.011{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145227Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:06.011{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145226Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:06.010{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145225Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:06.010{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145167Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:05.003{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145166Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:05.001{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145165Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:05.001{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145164Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:05.001{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145163Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:05.000{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145162Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:05.000{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145161Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:04.999{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145160Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:04.999{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145159Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:04.999{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145102Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:03.974{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145101Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:03.974{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145100Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:03.974{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145099Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:03.974{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145098Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:03.974{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145097Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:03.974{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145096Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:03.974{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145095Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:03.974{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145094Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:03.974{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145034Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:02.965{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145033Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:02.964{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145032Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:02.963{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145031Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:02.963{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145030Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:02.963{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145029Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:02.963{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145028Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:02.962{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145027Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:02.962{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000145026Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:02.961{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144970Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:01.936{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144969Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:01.936{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144968Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:01.936{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144967Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:01.936{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144966Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:01.936{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144965Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:01.936{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144964Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:01.936{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144963Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:01.936{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144962Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:01.936{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144904Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:00.910{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144903Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:00.910{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144902Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:00.910{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144901Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:00.910{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144900Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:00.910{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144899Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:00.910{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144898Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:00.910{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144897Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:00.910{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144896Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:12:00.910{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144838Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:59.886{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144837Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:59.886{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144836Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:59.886{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144835Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:59.886{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144834Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:59.886{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144833Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:59.886{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144832Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:59.886{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144831Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:59.886{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144830Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:59.886{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144754Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:58.874{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144753Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:58.874{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144752Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:58.874{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144751Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:58.874{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144750Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:58.874{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144749Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:58.874{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144748Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:58.874{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144747Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:58.874{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144746Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:58.874{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144686Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:57.859{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144685Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:57.859{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144684Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:57.859{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144683Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:57.859{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144682Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:57.859{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144681Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:57.859{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144680Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:57.859{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144679Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:57.859{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144678Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:57.859{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144622Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:56.840{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144621Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:56.840{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144620Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:56.840{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144619Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:56.840{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144618Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:56.840{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144617Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:56.840{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144616Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:56.840{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144615Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:56.840{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144614Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:56.840{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144533Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:55.838{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144531Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:55.837{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144530Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:55.836{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144529Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:55.836{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144528Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:55.836{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144527Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:55.835{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144526Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:55.835{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144525Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:55.834{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144524Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:55.834{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144462Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:54.816{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144461Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:54.816{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144460Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:54.816{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144459Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:54.816{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144458Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:54.816{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144457Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:54.816{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144456Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:54.816{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144455Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:54.816{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144454Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:54.816{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144396Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:53.792{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144395Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:53.792{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144394Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:53.792{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144393Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:53.792{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144392Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:53.792{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144391Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:53.792{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144390Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:53.792{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144389Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:53.792{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144388Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:53.792{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144332Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:52.766{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144331Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:52.766{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144330Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:52.766{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144329Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:52.766{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144328Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:52.766{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144327Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:52.766{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144326Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:52.766{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144325Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:52.766{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144324Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:52.766{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144265Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:51.760{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144264Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:51.760{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144263Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:51.760{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144262Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:51.760{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144261Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:51.745{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144260Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:51.745{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144259Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:51.745{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144258Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:51.745{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144257Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:51.745{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144201Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:50.726{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144200Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:50.726{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144199Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:50.726{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144198Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:50.726{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144197Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:50.726{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144196Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:50.726{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144195Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:50.726{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144194Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:50.726{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144193Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:50.726{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144135Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:49.715{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144134Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:49.715{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144133Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:49.715{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144132Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:49.715{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144131Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:49.715{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144130Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:49.715{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144129Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:49.715{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144128Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:49.715{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144127Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:49.715{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144071Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:48.698{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144070Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:48.680{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144069Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:48.680{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144068Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:48.680{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144067Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:48.680{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144066Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:48.680{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144065Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:48.680{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144064Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:48.680{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144063Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:48.680{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144005Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:47.655{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144004Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:47.655{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144003Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:47.655{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144002Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:47.655{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144001Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:47.655{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000144000Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:47.655{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143999Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:47.655{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143998Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:47.655{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143997Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:47.655{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143938Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:46.637{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143937Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:46.637{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143936Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:46.637{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143935Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:46.637{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143934Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:46.637{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143933Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:46.637{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143932Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:46.637{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143931Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:46.637{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143930Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:46.637{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143872Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:45.631{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143871Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:45.615{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143870Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:45.615{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143869Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:45.615{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143868Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:45.615{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143867Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:45.615{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143866Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:45.615{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143865Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:45.615{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143864Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:45.615{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143806Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:44.593{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143805Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:44.593{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143804Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:44.593{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143803Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:44.593{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143802Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:44.593{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143801Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:44.593{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143800Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:44.593{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143799Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:44.593{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143798Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:44.593{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143739Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:43.585{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143738Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:43.569{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143737Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:43.569{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143736Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:43.569{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143735Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:43.569{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143734Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:43.569{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143733Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:43.569{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143732Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:43.569{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143731Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:43.569{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143673Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:42.555{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143672Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:42.555{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143671Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:42.555{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143670Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:42.555{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143669Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:42.555{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143668Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:42.555{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143667Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:42.555{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143666Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:42.555{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143665Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:42.555{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143604Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:41.536{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143603Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:41.536{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143602Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:41.536{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143601Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:41.536{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143600Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:41.536{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143599Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:41.536{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143598Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:41.536{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143597Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:41.536{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143596Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:41.536{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143537Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:40.532{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143536Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:40.516{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143535Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:40.516{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143534Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:40.516{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143533Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:40.516{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143532Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:40.516{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143531Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:40.516{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143530Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:40.516{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143529Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:40.516{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143473Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:39.496{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143472Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:39.496{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143471Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:39.496{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143470Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:39.496{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143469Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:39.496{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143468Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:39.496{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143467Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:39.496{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143466Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:39.496{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143465Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:39.496{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143390Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:38.477{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143389Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:38.477{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143388Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:38.477{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143387Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:38.477{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143386Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:38.477{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143385Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:38.477{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143384Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:38.477{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143383Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:38.477{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143382Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:38.477{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143323Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:37.465{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143322Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:37.465{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143321Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:37.465{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143320Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:37.465{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143319Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:37.465{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143318Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:37.465{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143317Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:37.465{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143316Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:37.465{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143315Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:37.465{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143257Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:36.438{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143256Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:36.438{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143255Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:36.438{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143254Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:36.438{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143253Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:36.434{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143252Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:36.431{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143251Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:36.429{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143250Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:36.424{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143246Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:36.421{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143111Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:35.380{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143110Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:35.380{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143109Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:35.380{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143108Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:35.380{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143107Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:35.380{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143106Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:35.380{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143105Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:35.380{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143104Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:35.365{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143103Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:35.365{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143047Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:34.349{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143046Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:34.349{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143045Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:34.349{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143044Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:34.349{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143043Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:34.349{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143042Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:34.349{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143041Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:34.349{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143040Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:34.349{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000143039Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:34.349{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142979Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:33.330{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142978Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:33.330{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142977Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:33.330{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142976Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:33.330{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142975Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:33.330{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142974Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:33.330{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142973Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:33.330{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142972Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:33.330{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142971Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:33.330{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142913Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:32.304{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142912Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:32.304{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142911Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:32.304{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142910Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:32.304{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142909Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:32.304{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142908Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:32.304{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142907Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:32.304{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142906Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:32.304{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142905Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:32.304{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142847Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:31.291{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142846Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:31.291{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142845Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:31.291{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142844Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:31.291{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142843Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:31.291{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142842Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:31.291{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142841Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:31.291{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142840Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:31.291{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142839Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:31.291{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142781Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:30.274{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142780Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:30.274{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142779Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:30.274{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142778Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:30.274{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142777Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:30.258{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142776Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:30.258{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142775Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:30.258{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142774Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:30.258{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142773Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:30.258{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142712Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:29.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142711Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:29.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142710Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:29.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142709Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:29.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142708Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:29.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142707Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:29.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142706Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:29.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142705Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:29.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142704Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:29.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142646Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:28.236{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142645Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:28.221{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142644Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:28.221{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142643Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:28.221{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142642Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:28.221{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142641Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:28.221{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142640Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:28.221{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142639Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:28.221{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142638Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:28.221{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142580Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:27.206{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142579Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:27.206{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142578Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:27.206{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142577Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:27.206{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142576Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:27.206{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142575Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:27.206{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142574Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:27.206{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142573Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:27.206{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142572Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:27.206{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142514Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:26.186{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142513Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:26.186{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142512Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:26.186{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142511Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:26.186{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142510Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:26.186{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142509Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:26.186{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142508Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:26.186{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142507Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:26.186{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142506Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:26.186{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142448Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:25.155{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142447Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:25.155{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142446Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:25.155{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142445Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:25.155{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142444Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:25.155{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142443Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:25.155{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142442Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:25.155{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142441Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:25.155{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142440Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:25.155{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142381Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:24.140{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142380Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:24.140{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142379Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:24.140{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142378Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:24.140{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142377Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:24.140{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142376Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:24.140{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142375Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:24.140{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142374Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:24.140{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142373Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:24.140{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142315Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:23.124{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142314Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:23.109{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142313Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:23.109{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142312Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:23.109{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142311Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:23.109{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142310Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:23.109{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142309Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:23.109{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142308Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:23.109{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142307Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:23.109{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142248Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:22.084{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142247Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:22.084{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142246Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:22.084{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142245Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:22.084{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142244Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:22.084{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142243Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:22.084{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142242Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:22.084{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142241Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:22.084{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142240Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:22.084{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142182Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:21.069{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142181Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:21.069{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142180Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:21.069{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142179Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:21.069{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142178Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:21.069{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142177Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:21.069{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142176Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:21.069{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142175Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:21.069{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142174Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:21.069{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142116Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:20.063{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142115Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:20.047{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142114Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:20.047{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142113Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:20.047{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142112Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:20.047{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142111Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:20.047{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142110Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:20.047{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142109Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:20.047{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000142108Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:20.047{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141974Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:19.027{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141973Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:19.027{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141972Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:19.027{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141971Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:19.027{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141970Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:19.027{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141969Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:19.027{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141968Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:19.027{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141967Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:19.027{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141966Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:19.027{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141897Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:18.012{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141896Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:18.012{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141895Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:18.012{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141894Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:18.012{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141893Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:17.997{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141892Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:17.997{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141891Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:17.997{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141890Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:17.997{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141889Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:17.997{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141765Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:16.980{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141764Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:16.973{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141763Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:16.973{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141762Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:16.973{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141761Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:16.972{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141760Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:16.971{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141759Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:16.970{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141758Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:16.970{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141757Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:16.967{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141636Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:15.948{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141635Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:15.946{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141634Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:15.945{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141633Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:15.945{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141632Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:15.944{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141631Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:15.944{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141629Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:15.942{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141628Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:15.941{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141627Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:15.941{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141513Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:14.911{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141512Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:14.911{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141511Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:14.911{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141510Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:14.911{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141509Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:14.911{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141508Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:14.911{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141507Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:14.911{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141506Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:14.911{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141505Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:14.911{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141389Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:13.892{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141388Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:13.892{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141387Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:13.892{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141386Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:13.892{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141385Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:13.892{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141384Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:13.892{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141383Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:13.892{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141382Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:13.892{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141381Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:13.892{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141257Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:12.877{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141256Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:12.877{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141255Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:12.877{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141254Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:12.877{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141253Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:12.877{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141252Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:12.877{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141251Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:12.861{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141250Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:12.861{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141249Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:12.861{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141133Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:11.832{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141132Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:11.832{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141131Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:11.832{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141130Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:11.832{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141129Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:11.832{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141128Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:11.832{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141127Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:11.832{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141126Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:11.832{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141125Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:11.832{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141066Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:10.805{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141065Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:10.805{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141064Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:10.805{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141063Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:10.805{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141062Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:10.805{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141061Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:10.805{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141060Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:10.805{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141059Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:10.805{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141058Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:10.805{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000141000Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:09.789{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140999Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:09.789{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140998Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:09.774{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140997Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:09.774{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140996Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:09.774{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140995Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:09.774{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140994Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:09.774{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140993Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:09.774{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140992Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:09.774{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140934Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:08.763{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140933Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:08.747{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140932Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:08.747{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140931Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:08.747{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140930Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:08.747{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140929Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:08.747{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140928Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:08.747{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140927Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:08.747{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140926Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:08.747{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140866Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:07.727{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140865Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:07.727{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140864Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:07.727{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140863Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:07.727{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140862Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:07.727{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140861Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:07.727{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140860Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:07.727{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140859Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:07.727{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140858Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:07.727{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140800Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:06.704{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140799Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:06.704{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140798Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:06.704{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140797Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:06.704{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140796Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:06.704{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140795Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:06.704{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140794Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:06.704{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140793Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:06.704{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140792Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:06.704{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140734Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:05.683{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140733Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:05.683{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140732Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:05.683{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140731Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:05.683{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140730Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:05.683{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140729Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:05.683{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140728Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:05.683{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140727Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:05.683{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140726Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:05.683{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140668Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:04.661{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140667Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:04.661{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140666Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:04.661{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140665Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:04.661{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140664Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:04.661{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140663Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:04.661{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140662Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:04.661{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140661Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:04.661{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140660Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:04.661{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140602Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:03.619{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140601Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:03.619{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140600Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:03.619{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140599Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:03.619{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140598Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:03.619{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140597Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:03.619{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140596Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:03.619{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140595Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:03.619{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140594Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:03.619{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140535Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:02.604{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140534Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:02.604{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140533Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:02.604{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140532Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:02.604{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140531Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:02.604{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140530Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:02.604{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140529Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:02.604{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140528Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:02.604{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140527Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:02.604{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140469Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:01.580{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140468Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:01.580{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140467Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:01.580{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140466Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:01.580{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140465Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:01.580{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140464Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:01.580{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140463Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:01.580{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140462Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:01.580{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140461Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:01.580{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140405Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:00.560{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140404Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:00.560{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140403Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:00.560{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140402Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:00.560{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140401Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:00.560{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140400Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:00.560{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140399Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:00.560{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140398Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:00.560{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140397Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:11:00.560{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140337Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:59.541{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140336Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:59.541{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140335Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:59.541{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140334Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:59.541{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140333Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:59.541{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140332Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:59.541{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140331Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:59.541{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140330Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:59.541{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140329Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:59.541{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140249Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:58.531{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140248Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:58.531{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140247Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:58.531{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140246Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:58.531{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140245Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:58.531{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140244Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:58.531{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140243Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:58.531{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140242Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:58.531{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140241Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:58.531{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140183Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:57.509{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140182Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:57.493{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140181Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:57.493{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140180Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:57.493{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140179Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:57.493{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140178Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:57.493{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140177Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:57.493{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140176Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:57.493{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140175Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:57.493{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140114Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:56.468{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140113Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:56.468{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140112Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:56.468{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140111Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:56.468{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140110Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:56.468{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140109Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:56.468{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140108Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:56.468{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140107Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:56.468{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140106Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:56.468{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140024Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:55.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140023Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:55.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140022Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:55.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140021Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:55.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140020Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:55.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140019Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:55.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140018Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:55.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140017Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:55.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000140016Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:55.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139956Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:54.441{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139955Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:54.441{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139954Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:54.441{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139953Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:54.441{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139952Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:54.441{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139951Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:54.441{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139950Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:54.441{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139949Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:54.441{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139948Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:54.441{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139890Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:53.416{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139889Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:53.416{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139888Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:53.416{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139887Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:53.416{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139886Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:53.416{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139885Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:53.416{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139884Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:53.416{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139883Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:53.416{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139882Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:53.416{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139824Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:52.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139823Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:52.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139822Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:52.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139821Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:52.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139820Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:52.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139819Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:52.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139818Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:52.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139817Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:52.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139816Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:52.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139758Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:51.379{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139757Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:51.379{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139756Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:51.379{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139755Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:51.379{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139754Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:51.379{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139753Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:51.379{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139752Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:51.379{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139751Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:51.379{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139750Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:51.379{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139660Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:50.343{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139659Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:50.343{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139658Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:50.343{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139657Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:50.343{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139656Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:50.343{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139655Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:50.343{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139654Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:50.343{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139653Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:50.343{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139652Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:50.343{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139592Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:49.335{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139591Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:49.319{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139590Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:49.319{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139589Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:49.319{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139588Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:49.319{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139587Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:49.319{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139586Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:49.319{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139585Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:49.319{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139583Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:49.319{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139528Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:48.307{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139527Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:48.307{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139526Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:48.307{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139525Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:48.307{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139524Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:48.307{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139523Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:48.307{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139522Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:48.307{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139521Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:48.307{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139520Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:48.307{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139462Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:47.289{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139461Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:47.288{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139460Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:47.287{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139459Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:47.287{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139458Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:47.286{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139457Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:47.286{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139456Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:47.286{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139455Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:47.286{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139454Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:47.285{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139398Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:46.266{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139397Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:46.266{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139396Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:46.266{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139395Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:46.266{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139394Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:46.266{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139393Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:46.266{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139391Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:46.266{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139389Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:46.266{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139388Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:46.266{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139331Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:45.241{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139330Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:45.241{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139329Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:45.241{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139328Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:45.241{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139327Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:45.241{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139326Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:45.241{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139325Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:45.241{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139324Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:45.241{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139323Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:45.241{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139212Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:44.219{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139211Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:44.204{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139210Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:44.204{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139209Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:44.204{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139208Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:44.204{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139207Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:44.204{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139206Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:44.204{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139205Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:44.204{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139204Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:44.204{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139148Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:43.202{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139147Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:43.201{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139146Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:43.201{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139145Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:43.200{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139144Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:43.200{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139143Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:43.200{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139142Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:43.199{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139141Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:43.199{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139140Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:43.198{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139083Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:42.183{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139081Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:42.183{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139080Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:42.183{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139079Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:42.183{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139078Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:42.183{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139077Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:42.183{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139076Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:42.183{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139075Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:42.183{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139074Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:42.183{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139013Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:41.156{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139012Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:41.156{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139011Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:41.156{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139010Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:41.156{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139009Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:41.156{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139008Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:41.156{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139007Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:41.156{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139006Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:41.140{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000139005Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:41.140{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138947Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:40.116{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138946Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:40.116{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138945Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:40.116{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138944Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:40.116{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138943Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:40.116{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138942Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:40.116{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138941Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:40.116{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138940Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:40.116{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138939Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:40.116{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138861Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:39.104{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138860Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:39.104{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138859Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:39.104{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138858Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:39.104{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138857Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:39.104{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138856Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:39.104{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138855Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:39.104{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138854Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:39.104{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138853Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:39.104{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138794Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:38.064{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138793Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:38.064{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138792Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:38.064{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138791Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:38.064{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138790Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:38.064{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138789Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:38.064{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138788Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:38.064{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138787Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:38.064{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138786Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:38.064{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138726Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:37.044{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138725Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:37.044{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138724Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:37.044{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138723Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:37.044{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138722Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:37.044{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138721Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:37.044{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138720Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:37.044{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138719Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:37.044{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138718Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:37.044{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138652Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:36.041{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138651Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:36.039{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138650Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:36.039{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138649Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:36.039{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138648Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:36.037{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138647Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:36.037{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138646Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:36.036{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138645Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:36.036{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138644Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:36.036{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138568Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:35.008{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138567Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:35.008{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138566Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:35.008{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138565Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:35.008{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138564Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:35.008{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138563Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:35.008{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138562Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:35.008{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138561Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:35.008{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138560Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:35.008{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138501Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:33.991{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138500Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:33.991{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138499Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:33.991{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138498Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:33.991{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138497Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:33.991{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138496Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:33.991{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138495Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:33.991{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138494Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:33.991{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138493Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:33.991{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138435Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:32.969{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138434Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:32.969{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138433Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:32.969{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138432Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:32.969{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138431Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:32.969{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138430Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:32.969{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138429Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:32.969{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138428Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:32.969{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138427Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:32.969{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138368Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:31.948{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138367Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:31.948{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138366Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:31.948{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138365Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:31.948{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138364Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:31.948{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138363Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:31.948{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138362Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:31.948{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138361Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:31.948{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138360Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:31.948{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138302Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:30.941{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138301Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:30.941{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138300Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:30.941{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138299Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:30.941{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138298Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:30.941{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138297Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:30.925{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138296Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:30.925{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138295Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:30.925{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138294Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:30.925{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138238Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:29.906{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138237Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:29.906{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138236Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:29.906{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138235Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:29.906{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138234Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:29.906{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138233Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:29.906{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138232Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:29.906{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138231Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:29.906{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138230Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:29.906{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138169Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:28.889{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138168Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:28.889{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138167Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:28.889{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138166Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:28.889{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138165Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:28.889{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138164Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:28.889{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138163Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:28.889{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138162Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:28.889{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138161Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:28.889{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138100Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:27.864{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138099Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:27.864{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138098Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:27.864{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138097Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:27.864{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138096Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:27.864{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138095Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:27.864{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138094Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:27.864{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138093Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:27.864{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138092Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:27.864{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138033Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:26.836{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138032Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:26.836{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138031Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:26.836{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138030Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:26.836{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138029Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:26.836{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138028Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:26.836{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138027Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:26.836{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138026Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:26.836{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000138025Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:26.836{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137969Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:25.817{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137968Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:25.817{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137967Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:25.817{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137966Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:25.817{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137965Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:25.817{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137964Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:25.817{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137963Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:25.817{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137962Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:25.817{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137961Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:25.817{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137901Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:24.801{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137900Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:24.801{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137899Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:24.801{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137898Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:24.801{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137897Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:24.801{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137896Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:24.801{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137895Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:24.801{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137894Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:24.801{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137893Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:24.801{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137833Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:23.778{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137832Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:23.778{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137831Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:23.778{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137830Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:23.778{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137829Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:23.778{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137828Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:23.778{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137827Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:23.778{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137826Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:23.778{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137825Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:23.778{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137767Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:22.775{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137766Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:22.760{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137765Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:22.760{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137764Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:22.760{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137763Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:22.760{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137762Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:22.760{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137761Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:22.760{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137760Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:22.760{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137759Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:22.760{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137704Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:21.739{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137703Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:21.739{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137702Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:21.739{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137701Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:21.739{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137700Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:21.739{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137699Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:21.739{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137698Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:21.739{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137697Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:21.739{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137696Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:21.739{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137637Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:20.720{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137636Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:20.720{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137635Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:20.720{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137634Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:20.720{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137633Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:20.720{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137632Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:20.720{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137631Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:20.720{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137630Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:20.720{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137629Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:20.720{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137561Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:19.708{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137560Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:19.693{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137559Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:19.693{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137558Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:19.693{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137557Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:19.693{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137556Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:19.693{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137554Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:19.693{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137552Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:19.693{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137550Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:19.693{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137429Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:18.653{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137428Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:18.653{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137427Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:18.653{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137426Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:18.653{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137425Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:18.653{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137424Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:18.653{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137423Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:18.653{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137422Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:18.653{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137421Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:18.653{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137352Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:17.641{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137351Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:17.641{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137350Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:17.641{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137349Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:17.641{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137348Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:17.641{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137347Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:17.641{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137346Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:17.641{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137345Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:17.641{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137344Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:17.641{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137188Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:16.614{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137187Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:16.614{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137186Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:16.614{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137185Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:16.614{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137184Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:16.614{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137183Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:16.614{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137182Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:16.614{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137181Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:16.614{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137180Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:16.614{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137047Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:15.585{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137046Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:15.585{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137045Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:15.585{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137044Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:15.585{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137043Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:15.585{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137042Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:15.585{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137041Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:15.585{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137040Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:15.585{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000137039Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:15.585{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136917Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:14.570{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136916Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:14.570{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136915Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:14.570{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136914Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:14.570{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136913Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:14.570{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136912Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:14.570{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136911Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:14.570{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136910Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:14.570{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136909Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:14.570{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136785Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:13.555{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136784Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:13.555{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136783Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:13.555{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136782Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:13.555{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136781Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:13.555{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136780Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:13.555{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136779Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:13.555{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136778Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:13.555{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136777Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:13.555{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136720Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:12.545{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136719Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:12.545{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136718Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:12.545{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136717Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:12.545{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136716Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:12.545{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136715Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:12.545{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136714Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:12.545{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136713Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:12.545{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136712Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:12.545{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136605Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:11.515{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136604Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:11.515{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136603Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:11.515{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136602Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:11.515{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136601Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:11.498{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136600Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:11.498{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136599Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:11.498{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136598Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:11.498{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136597Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:11.498{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136540Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:10.479{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136539Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:10.479{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136538Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:10.479{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136537Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:10.479{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136536Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:10.479{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136535Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:10.479{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136534Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:10.479{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136533Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:10.479{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136532Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:10.479{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136478Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:09.468{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136477Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:09.468{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136476Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:09.468{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136475Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:09.468{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136474Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:09.468{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136473Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:09.468{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136472Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:09.468{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136471Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:09.468{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136469Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:09.468{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136416Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:08.448{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136415Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:08.448{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136414Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:08.448{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136413Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:08.448{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136412Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:08.448{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136411Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:08.448{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136410Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:08.448{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136409Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:08.448{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136408Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:08.448{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136351Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:07.428{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136350Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:07.428{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136349Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:07.428{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136348Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:07.428{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136347Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:07.428{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136346Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:07.428{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136345Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:07.428{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136344Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:07.428{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136342Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:07.428{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136289Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:06.413{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136288Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:06.413{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136287Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:06.413{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136286Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:06.413{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136285Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:06.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136284Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:06.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136283Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:06.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136282Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:06.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136281Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:06.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136226Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:05.380{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136225Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:05.380{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136224Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:05.380{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136223Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:05.380{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136222Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:05.380{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136221Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:05.380{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136220Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:05.380{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136219Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:05.380{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136218Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:05.380{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136164Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:04.366{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136163Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:04.366{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136162Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:04.366{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136161Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:04.366{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136160Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:04.366{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136159Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:04.366{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136158Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:04.366{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136157Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:04.366{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136156Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:04.366{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136102Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:03.339{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136101Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:03.339{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136100Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:03.339{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136099Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:03.339{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136098Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:03.339{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136097Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:03.339{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136096Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:03.339{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136095Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:03.339{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136094Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:03.339{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136040Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:02.319{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136039Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:02.319{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136038Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:02.319{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136037Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:02.319{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136036Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:02.319{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136035Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:02.319{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136034Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:02.319{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136033Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:02.319{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000136032Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:02.319{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135976Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:01.292{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135975Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:01.292{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135974Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:01.292{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135973Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:01.292{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135972Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:01.292{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135971Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:01.292{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135970Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:01.292{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135969Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:01.292{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135968Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:01.292{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135912Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:00.258{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135911Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:00.258{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135910Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:00.258{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135909Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:00.258{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135908Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:00.258{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135907Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:00.258{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135906Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:00.258{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135905Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:00.258{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135904Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:10:00.258{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135825Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:59.242{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135824Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:59.242{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135823Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:59.242{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135822Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:59.242{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135821Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:59.242{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135820Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:59.242{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135819Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:59.242{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135818Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:59.242{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135817Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:59.242{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135737Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:58.219{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135736Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:58.219{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135735Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:58.219{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135734Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:58.219{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135733Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:58.219{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135732Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:58.219{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135731Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:58.219{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135730Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:58.219{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135729Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:58.219{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135674Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:57.205{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135673Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:57.204{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135672Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:57.204{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135671Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:57.204{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135670Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:57.204{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135669Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:57.204{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135668Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:57.203{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135667Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:57.203{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135666Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:57.202{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135603Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:56.188{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135602Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:56.187{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135601Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:56.186{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135600Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:56.186{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135599Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:56.184{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135598Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:56.184{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135597Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:56.183{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135596Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:56.183{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135595Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:56.182{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135521Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:55.161{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135520Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:55.161{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135519Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:55.161{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135518Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:55.161{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135517Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:55.161{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135516Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:55.161{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135515Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:55.161{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135514Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:55.161{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135513Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:55.161{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135458Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:54.141{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135457Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:54.141{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135456Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:54.141{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135455Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:54.141{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135454Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:54.141{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135453Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:54.141{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135452Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:54.141{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135451Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:54.126{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135450Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:54.126{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135395Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:53.090{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135394Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:53.090{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135393Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:53.090{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135392Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:53.090{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135391Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:53.090{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135390Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:53.090{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135389Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:53.090{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135388Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:53.090{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135387Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:53.090{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135276Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:52.069{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135275Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:52.069{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135274Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:52.069{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135273Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:52.069{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135272Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:52.069{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135271Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:52.069{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135270Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:52.069{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135269Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:52.069{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135268Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:52.069{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135213Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:51.059{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135212Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:51.043{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135211Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:51.043{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135210Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:51.043{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135209Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:51.043{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135208Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:51.043{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135207Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:51.043{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135206Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:51.043{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135205Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:51.043{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135149Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:50.014{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135148Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:50.014{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135147Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:50.014{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135146Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:50.014{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135145Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:50.014{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135144Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:50.014{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135143Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:50.014{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135142Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:50.014{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135141Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:50.014{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135086Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:48.992{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135085Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:48.992{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135084Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:48.992{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135083Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:48.992{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135082Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:48.992{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135081Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:48.992{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135080Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:48.992{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135079Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:48.992{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135078Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:48.990{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135023Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:47.965{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135022Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:47.965{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135021Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:47.965{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135020Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:47.965{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135019Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:47.965{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135018Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:47.965{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135017Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:47.965{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135016Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:47.965{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000135015Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:47.965{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134960Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:46.952{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134959Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:46.949{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134958Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:46.949{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134957Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:46.948{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134956Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:46.942{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134955Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:46.942{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134954Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:46.941{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134953Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:46.941{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134952Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:46.940{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134897Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:45.927{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134896Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:45.926{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134895Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:45.926{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134894Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:45.926{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134893Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:45.925{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134892Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:45.925{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134891Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:45.925{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134890Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:45.924{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134889Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:45.924{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134815Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:44.905{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134814Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:44.905{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134813Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:44.905{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134812Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:44.905{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134811Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:44.905{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134810Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:44.905{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134809Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:44.905{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134808Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:44.905{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134807Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:44.905{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134752Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:43.892{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134751Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:43.876{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134750Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:43.876{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134749Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:43.876{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134748Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:43.876{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134747Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:43.876{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134746Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:43.876{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134745Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:43.876{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134744Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:43.876{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134689Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:42.875{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134688Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:42.874{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134687Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:42.874{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134686Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:42.874{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134685Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:42.873{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134684Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:42.872{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134681Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:42.871{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134680Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:42.871{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134679Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:42.870{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134620Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:41.852{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134619Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:41.852{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134618Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:41.852{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134617Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:41.852{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134616Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:41.852{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134615Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:41.852{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134614Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:41.852{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134613Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:41.852{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134612Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:41.851{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134556Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:40.827{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134555Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:40.827{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134554Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:40.827{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134553Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:40.827{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134552Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:40.827{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134551Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:40.827{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134550Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:40.827{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134549Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:40.827{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134548Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:40.827{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134493Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:39.817{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134492Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:39.817{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134491Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:39.817{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134490Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:39.817{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134489Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:39.817{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134488Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:39.817{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134487Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:39.817{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134486Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:39.817{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134485Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:39.817{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134410Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:38.798{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134409Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:38.796{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134408Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:38.796{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134407Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:38.795{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134406Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:38.791{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134405Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:38.791{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134404Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:38.790{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134403Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:38.790{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134402Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:38.785{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134343Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:37.746{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134342Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:37.746{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134341Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:37.746{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134340Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:37.746{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134339Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:37.746{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134338Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:37.746{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134337Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:37.746{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134336Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:37.746{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134335Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:37.746{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134280Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:36.730{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134279Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:36.730{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134278Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:36.730{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134277Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:36.730{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134276Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:36.730{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134275Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:36.730{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134274Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:36.730{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134273Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:36.730{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134272Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:36.730{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134191Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:35.708{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134190Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:35.708{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134189Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:35.708{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134188Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:35.708{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134187Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:35.708{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134186Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:35.708{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134185Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:35.708{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134184Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:35.708{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134183Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:35.708{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134126Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:34.687{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134125Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:34.687{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134124Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:34.687{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134123Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:34.687{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134122Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:34.687{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134121Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:34.687{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134120Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:34.687{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134119Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:34.687{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134118Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:34.687{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134063Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:33.675{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134062Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:33.675{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134061Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:33.675{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134060Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:33.675{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134059Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:33.675{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134058Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:33.675{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134057Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:33.675{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134056Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:33.675{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000134055Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:33.675{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133999Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:32.659{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133998Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:32.659{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133997Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:32.659{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133996Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:32.659{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133995Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:32.659{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133994Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:32.659{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133993Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:32.659{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133992Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:32.659{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133991Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:32.659{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133936Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:31.637{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133935Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:31.637{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133934Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:31.637{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133933Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:31.637{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133932Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:31.637{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133931Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:31.637{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133930Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:31.637{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133929Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:31.637{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133928Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:31.637{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133869Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:30.612{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133868Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:30.612{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133867Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:30.612{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133866Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:30.612{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133865Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:30.612{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133864Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:30.612{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133863Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:30.612{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133862Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:30.612{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133861Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:30.612{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133794Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:29.590{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133793Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:29.590{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133792Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:29.590{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133791Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:29.590{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133790Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:29.590{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133789Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:29.590{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133788Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:29.590{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133787Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:29.590{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133786Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:29.590{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133728Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:28.574{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133727Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:28.574{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133726Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:28.574{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133725Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:28.574{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133724Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:28.574{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133723Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:28.574{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133722Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:28.574{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133721Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:28.574{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133720Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:28.574{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133656Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:27.548{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133655Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:27.548{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133654Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:27.548{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133653Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:27.548{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133652Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:27.548{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133651Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:27.548{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133650Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:27.548{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133649Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:27.548{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133648Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:27.548{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133590Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:26.530{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133589Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:26.530{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133588Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:26.530{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133587Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:26.530{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133586Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:26.530{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133585Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:26.530{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133584Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:26.530{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133583Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:26.530{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133582Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:26.530{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133527Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:25.506{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133526Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:25.506{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133525Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:25.506{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133524Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:25.506{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133523Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:25.506{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133522Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:25.506{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133521Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:25.506{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133520Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:25.506{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133519Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:25.506{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133464Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:24.493{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133463Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:24.493{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133462Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:24.493{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133461Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:24.493{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133460Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:24.493{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133459Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:24.493{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133458Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:24.493{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133457Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:24.493{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133456Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:24.493{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133401Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:23.469{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133400Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:23.469{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133399Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:23.469{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133398Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:23.469{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133397Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:23.469{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133396Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:23.469{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133395Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:23.469{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133394Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:23.469{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133393Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:23.469{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133338Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:22.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133337Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:22.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133336Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:22.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133335Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:22.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133334Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:22.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133333Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:22.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133332Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:22.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133331Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:22.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133330Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:22.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133271Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:21.441{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133270Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:21.426{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133269Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:21.426{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133268Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:21.426{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133267Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:21.426{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133266Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:21.426{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133265Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:21.426{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133264Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:21.426{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133263Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:21.426{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133203Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:20.413{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133202Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:20.413{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133201Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:20.413{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133200Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:20.413{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133199Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:20.397{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133198Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:20.397{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133197Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:20.397{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133196Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:20.397{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133195Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:20.397{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133072Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:19.359{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133071Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:19.359{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133070Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:19.359{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133069Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:19.359{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133068Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:19.359{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133067Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:19.359{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133066Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:19.359{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133065Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:19.359{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133064Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:19.359{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133007Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:18.345{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133006Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:18.345{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133005Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:18.345{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133004Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:18.345{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133003Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:18.345{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133002Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:18.345{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133001Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:18.345{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000133000Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:18.345{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132999Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:18.345{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132883Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:17.332{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132882Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:17.332{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132881Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:17.332{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132880Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:17.332{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132879Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:17.332{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132878Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:17.332{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132877Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:17.332{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132876Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:17.332{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132875Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:17.332{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132746Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:16.317{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132745Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:16.316{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132744Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:16.315{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132743Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:16.315{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132742Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:16.315{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132741Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:16.314{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132740Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:16.314{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132739Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:16.313{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132738Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:16.311{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132601Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:15.292{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132600Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:15.291{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132599Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:15.291{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132598Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:15.290{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132597Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:15.290{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132596Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:15.290{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132595Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:15.285{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132594Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:15.285{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132593Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:15.285{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132480Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:14.261{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132479Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:14.261{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132478Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:14.261{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132477Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:14.261{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132476Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:14.261{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132475Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:14.261{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132474Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:14.261{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132473Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:14.261{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132472Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:14.261{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132316Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:13.226{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132315Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:13.226{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132314Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:13.226{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132313Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:13.226{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132312Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:13.226{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132311Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:13.226{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132310Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:13.226{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132309Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:13.226{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132308Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:13.226{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132252Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:12.217{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132251Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:12.217{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132250Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:12.217{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132249Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:12.201{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132248Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:12.201{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132247Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:12.201{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132246Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:12.201{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132245Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:12.201{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132244Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:12.201{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132185Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:11.172{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132184Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:11.172{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132183Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:11.172{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132182Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:11.172{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132181Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:11.172{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132180Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:11.172{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132179Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:11.172{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132178Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:11.172{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132177Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:11.172{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132120Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:10.156{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132119Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:10.156{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132118Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:10.156{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132117Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:10.156{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132116Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:10.156{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132115Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:10.156{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132114Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:10.156{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132113Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:10.156{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132112Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:10.156{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132057Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:09.137{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132056Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:09.137{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132055Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:09.137{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132054Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:09.137{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132053Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:09.137{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132052Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:09.137{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132051Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:09.137{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132050Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:09.137{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000132049Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:09.137{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131993Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:08.109{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131992Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:08.109{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131991Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:08.109{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131990Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:08.109{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131989Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:08.109{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131988Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:08.109{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131987Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:08.109{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131986Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:08.109{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131985Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:08.109{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131930Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:07.083{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131929Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:07.083{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131928Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:07.083{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131927Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:07.083{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131926Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:07.083{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131925Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:07.083{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131924Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:07.083{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131923Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:07.083{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131922Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:07.083{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131867Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:06.056{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131866Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:06.056{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131865Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:06.056{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131864Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:06.056{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131863Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:06.056{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131862Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:06.056{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131861Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:06.056{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131860Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:06.056{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131859Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:06.056{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131803Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:05.042{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131802Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:05.042{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131801Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:05.042{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131800Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:05.042{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131799Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:05.042{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131798Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:05.042{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131797Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:05.042{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131796Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:05.026{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131795Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:05.026{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131740Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:04.004{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131739Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:04.004{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131738Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:04.004{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131737Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:04.004{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131736Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:04.004{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131735Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:04.004{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131734Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:04.004{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131733Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:04.004{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131732Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:04.004{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131677Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:02.998{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131676Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:02.998{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131675Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:02.998{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131674Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:02.998{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131673Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:02.983{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131672Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:02.983{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131671Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:02.983{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131670Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:02.983{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131669Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:02.983{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131614Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:01.961{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131613Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:01.961{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131612Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:01.961{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131611Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:01.961{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131610Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:01.961{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131609Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:01.961{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131608Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:01.961{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131607Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:01.961{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131605Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:01.961{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131551Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:00.939{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131550Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:00.939{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131549Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:00.939{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131548Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:00.939{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131547Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:00.939{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131546Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:00.939{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131545Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:00.939{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131544Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:00.939{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131543Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:09:00.939{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131488Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:59.907{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131487Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:59.907{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131486Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:59.907{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131485Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:59.907{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131484Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:59.907{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131483Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:59.907{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131482Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:59.907{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131481Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:59.907{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131480Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:59.907{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131404Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:58.900{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131403Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:58.900{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131402Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:58.900{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131401Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:58.900{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131400Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:58.884{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131399Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:58.884{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131398Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:58.884{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131397Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:58.884{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131396Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:58.884{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131339Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:57.867{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131338Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:57.867{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131337Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:57.867{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131336Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:57.867{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131335Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:57.867{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131334Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:57.867{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131333Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:57.867{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131332Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:57.867{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131331Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:57.867{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131274Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:56.852{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131273Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:56.852{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131272Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:56.852{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131271Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:56.852{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131270Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:56.852{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131269Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:56.852{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131268Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:56.852{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131267Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:56.852{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131266Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:56.852{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131188Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:55.844{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131187Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:55.841{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131186Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:55.841{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131185Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:55.840{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131183Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:55.839{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131182Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:55.839{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131181Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:55.839{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131180Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:55.838{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131179Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:55.838{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131122Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:54.810{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131121Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:54.810{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131120Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:54.810{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131119Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:54.810{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131118Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:54.810{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131117Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:54.810{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131116Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:54.810{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131115Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:54.810{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131114Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:54.810{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131058Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:53.785{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131057Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:53.785{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131056Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:53.785{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131055Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:53.785{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131054Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:53.785{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131053Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:53.785{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131052Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:53.785{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131051Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:53.785{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000131050Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:53.785{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130993Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:52.755{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130992Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:52.755{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130991Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:52.755{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130990Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:52.755{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130989Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:52.755{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130988Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:52.755{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130987Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:52.755{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130986Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:52.755{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130985Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:52.755{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130930Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:51.738{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130929Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:51.738{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130928Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:51.738{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130927Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:51.738{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130926Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:51.738{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130925Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:51.738{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130924Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:51.738{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130923Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:51.738{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130922Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:51.738{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130813Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:50.710{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130812Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:50.710{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130811Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:50.710{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130810Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:50.710{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130809Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:50.710{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130808Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:50.710{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130807Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:50.710{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130806Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:50.710{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130805Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:50.710{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130750Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:49.687{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130749Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:49.687{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130748Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:49.687{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130747Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:49.687{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130746Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:49.687{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130745Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:49.687{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130744Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:49.687{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130743Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:49.687{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130742Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:49.687{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130687Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:48.660{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130686Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:48.660{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130685Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:48.660{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130684Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:48.660{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130683Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:48.660{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130682Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:48.660{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130681Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:48.660{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130680Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:48.660{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130679Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:48.660{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130623Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:47.645{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130622Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:47.629{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130621Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:47.629{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130620Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:47.629{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130619Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:47.629{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130618Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:47.629{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130617Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:47.629{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130616Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:47.629{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130615Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:47.629{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130560Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:46.619{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130559Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:46.603{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130558Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:46.603{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130557Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:46.603{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130556Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:46.603{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130555Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:46.603{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130554Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:46.603{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130553Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:46.603{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130552Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:46.603{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130497Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:45.585{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130496Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:45.585{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130495Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:45.585{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130494Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:45.585{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130493Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:45.585{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130492Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:45.585{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130491Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:45.585{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130490Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:45.585{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130489Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:45.585{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130434Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:44.565{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130433Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:44.565{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130432Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:44.565{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130431Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:44.565{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130430Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:44.565{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130429Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:44.565{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130428Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:44.565{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130427Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:44.565{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130426Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:44.565{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130360Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:43.550{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130359Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:43.550{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130358Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:43.550{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130357Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:43.550{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130356Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:43.550{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130355Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:43.550{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130354Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:43.550{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130353Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:43.550{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130352Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:43.550{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130293Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:42.536{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130292Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:42.521{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130291Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:42.521{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130290Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:42.521{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130289Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:42.521{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130288Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:42.521{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130287Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:42.521{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130286Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:42.521{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130285Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:42.521{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130225Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:41.498{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130224Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:41.498{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130223Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:41.498{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130222Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:41.498{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130221Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:41.498{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130220Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:41.498{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130219Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:41.498{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130218Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:41.498{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130217Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:41.498{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130159Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:40.468{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130158Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:40.468{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130157Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:40.468{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130156Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:40.468{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130155Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:40.468{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130154Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:40.468{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130153Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:40.468{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130152Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:40.468{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130151Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:40.468{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130096Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:39.442{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130095Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:39.442{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130094Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:39.442{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130093Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:39.442{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130092Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:39.442{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130091Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:39.442{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130090Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:39.442{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130089Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:39.442{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130088Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:39.442{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130011Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:38.428{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130010Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:38.428{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130009Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:38.428{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130008Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:38.428{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130007Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:38.428{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130006Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:38.428{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130005Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:38.428{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130004Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:38.428{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000130003Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:38.424{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129944Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:37.396{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129943Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:37.381{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129942Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:37.381{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129941Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:37.381{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129940Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:37.381{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129939Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:37.381{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129938Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:37.381{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129937Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:37.381{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129936Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:37.381{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129873Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:36.371{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129872Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:36.370{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129871Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:36.370{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129870Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:36.369{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129869Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:36.369{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129868Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:36.368{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129867Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:36.367{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129866Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:36.367{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129865Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:36.366{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129792Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:35.346{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129791Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:35.346{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129790Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:35.346{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129789Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:35.346{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129788Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:35.346{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129787Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:35.346{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129786Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:35.346{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129785Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:35.346{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129784Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:35.346{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129729Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:34.331{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129728Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:34.331{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129727Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:34.331{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129726Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:34.331{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129725Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:34.331{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129724Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:34.331{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129723Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:34.331{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129722Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:34.331{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129721Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:34.331{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129666Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:33.314{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129665Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:33.314{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129664Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:33.314{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129663Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:33.298{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129662Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:33.298{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129661Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:33.298{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129660Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:33.298{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129659Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:33.298{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129658Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:33.298{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129603Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:32.284{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129602Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:32.284{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129601Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:32.284{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129600Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:32.284{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129599Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:32.284{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129598Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:32.284{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129597Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:32.284{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129596Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:32.284{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129595Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:32.284{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129539Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:31.266{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129538Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:31.266{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129537Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:31.266{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129536Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:31.266{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129535Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:31.266{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129534Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:31.266{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129533Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:31.266{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129532Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:31.266{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129531Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:31.266{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129476Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:30.241{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129475Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:30.241{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129474Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:30.241{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129473Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:30.241{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129472Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:30.241{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129471Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:30.241{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129470Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:30.241{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129469Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:30.241{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129468Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:30.241{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129413Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:29.215{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129412Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:29.215{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129411Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:29.215{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129410Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:29.215{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129409Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:29.215{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129408Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:29.215{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129407Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:29.215{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129406Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:29.215{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129405Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:29.215{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129350Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:28.199{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129349Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:28.198{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129348Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:28.198{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129347Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:28.197{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129346Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:28.196{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129345Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:28.196{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129344Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:28.195{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129343Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:28.195{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129342Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:28.194{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129286Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:27.158{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129285Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:27.158{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129284Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:27.158{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129283Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:27.158{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129282Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:27.158{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129281Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:27.158{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129280Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:27.158{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129279Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:27.158{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129278Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:27.158{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129222Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:26.135{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129221Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:26.135{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129220Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:26.135{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129219Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:26.135{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129218Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:26.135{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129217Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:26.135{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129216Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:26.135{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129215Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:26.135{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129214Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:26.135{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129156Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:25.113{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129155Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:25.113{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129154Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:25.113{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129153Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:25.113{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129152Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:25.113{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129151Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:25.113{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129150Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:25.113{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129149Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:25.113{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129148Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:25.113{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129093Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:24.096{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129092Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:24.096{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129091Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:24.096{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129090Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:24.096{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129089Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:24.096{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129088Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:24.096{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129087Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:24.080{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129086Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:24.080{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129085Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:24.080{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129030Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:23.069{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129029Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:23.069{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129028Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:23.069{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129027Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:23.069{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129026Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:23.069{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129025Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:23.069{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129024Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:23.069{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129023Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:23.069{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000129022Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:23.069{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128967Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:22.044{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128966Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:22.044{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128965Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:22.044{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128964Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:22.044{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128963Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:22.044{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128962Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:22.044{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128961Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:22.044{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128960Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:22.044{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128959Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:22.044{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128903Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:21.042{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128902Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:21.027{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128901Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:21.027{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128900Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:21.027{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128899Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:21.027{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128898Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:21.027{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128897Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:21.027{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128896Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:21.027{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128895Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:21.027{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128837Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:20.003{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128836Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:20.003{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128835Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:20.003{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128834Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:20.003{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128833Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:20.003{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128832Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:20.003{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128831Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:20.003{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128830Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:20.003{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128829Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:20.003{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128697Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:18.996{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128696Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:18.996{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128695Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:18.996{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128694Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:18.996{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128693Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:18.996{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128692Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:18.996{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128691Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:18.996{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128690Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:18.996{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128689Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:18.996{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128547Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:17.981{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128546Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:17.981{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128545Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:17.981{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128544Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:17.981{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128543Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:17.981{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128542Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:17.981{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128541Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:17.981{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128540Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:17.981{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128539Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:17.981{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128430Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:16.972{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128429Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:16.971{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128428Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:16.971{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128427Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:16.971{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128426Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:16.970{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128425Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:16.970{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128424Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:16.970{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128423Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:16.969{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128422Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:16.968{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128302Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:15.960{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128301Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:15.959{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128300Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:15.959{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128299Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:15.959{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128298Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:15.958{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128297Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:15.958{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128296Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:15.958{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128295Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:15.958{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128294Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:15.957{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128223Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:14.943{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128222Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:14.943{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128221Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:14.928{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128220Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:14.928{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128219Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:14.928{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128218Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:14.928{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128217Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:14.928{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128216Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:14.928{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128215Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:14.928{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128057Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:13.904{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128056Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:13.904{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128055Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:13.904{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128054Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:13.904{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128053Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:13.904{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128052Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:13.904{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128051Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:13.904{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128050Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:13.904{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000128049Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:13.904{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127957Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:12.883{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127956Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:12.883{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127955Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:12.883{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127954Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:12.883{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127953Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:12.883{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127952Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:12.883{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127951Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:12.883{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127950Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:12.883{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127949Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:12.883{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127828Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:11.854{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127827Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:11.854{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127826Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:11.854{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127825Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:11.854{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127824Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:11.854{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127823Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:11.854{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127822Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:11.854{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127821Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:11.854{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127820Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:11.854{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127760Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:10.843{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127759Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:10.843{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127758Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:10.843{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127757Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:10.843{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127756Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:10.843{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127755Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:10.843{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127754Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:10.843{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127753Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:10.843{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127752Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:10.843{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127696Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:09.819{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127695Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:09.819{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127694Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:09.819{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127693Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:09.819{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127692Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:09.819{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127691Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:09.819{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127690Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:09.819{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127689Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:09.819{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127688Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:09.819{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127633Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:08.816{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127632Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:08.816{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127631Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:08.802{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127630Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:08.802{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127629Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:08.802{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127628Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:08.802{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127627Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:08.802{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127626Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:08.802{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127625Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:08.802{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127569Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:07.762{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127568Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:07.762{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127567Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:07.762{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127566Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:07.762{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127565Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:07.762{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127564Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:07.762{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127563Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:07.762{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127562Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:07.762{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127561Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:07.762{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127506Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:06.736{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127505Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:06.736{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127504Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:06.736{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127503Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:06.736{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127502Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:06.736{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127501Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:06.736{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127500Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:06.736{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127499Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:06.736{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127498Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:06.736{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127441Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:05.718{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127440Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:05.718{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127439Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:05.718{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127438Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:05.718{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127437Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:05.718{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127436Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:05.718{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127435Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:05.718{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127434Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:05.718{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127433Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:05.718{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127375Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:04.697{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127374Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:04.697{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127373Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:04.697{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127372Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:04.697{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127371Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:04.697{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127370Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:04.697{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127369Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:04.697{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127368Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:04.697{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127367Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:04.697{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127311Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:03.686{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127310Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:03.686{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127309Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:03.686{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127308Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:03.686{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127307Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:03.686{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127306Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:03.686{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127305Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:03.671{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127304Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:03.671{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127303Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:03.671{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127248Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:02.652{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127247Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:02.636{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127246Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:02.636{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127245Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:02.636{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127244Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:02.636{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127243Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:02.636{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127242Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:02.636{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127241Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:02.636{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127240Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:02.636{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127183Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:01.635{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127182Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:01.619{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127181Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:01.619{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127180Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:01.619{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127179Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:01.619{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127178Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:01.619{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127177Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:01.619{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127176Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:01.619{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127175Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:01.619{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127120Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:00.600{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127119Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:00.600{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127118Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:00.600{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127117Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:00.600{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127116Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:00.600{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127115Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:00.600{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127114Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:00.600{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127113Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:00.600{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127112Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:08:00.600{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127057Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:59.584{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127056Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:59.584{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127055Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:59.584{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127054Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:59.584{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127053Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:59.568{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127052Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:59.568{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127051Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:59.568{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127050Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:59.568{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000127049Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:59.568{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126971Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:58.551{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126970Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:58.551{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126969Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:58.551{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126968Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:58.551{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126967Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:58.551{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126966Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:58.551{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126965Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:58.551{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126964Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:58.551{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126963Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:58.551{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126908Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:57.522{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126907Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:57.522{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126906Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:57.522{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126905Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:57.522{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126904Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:57.522{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126903Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:57.522{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126902Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:57.522{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126901Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:57.522{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126900Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:57.522{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126837Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:56.513{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126836Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:56.501{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126835Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:56.501{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126834Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:56.501{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126833Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:56.500{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126832Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:56.499{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126831Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:56.498{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126830Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:56.497{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126829Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:56.492{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126756Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:55.450{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126755Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:55.450{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126754Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:55.450{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126753Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:55.450{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126752Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:55.434{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126751Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:55.434{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126750Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:55.434{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126749Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:55.434{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126748Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:55.434{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126693Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:54.403{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126692Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:54.403{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126691Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:54.403{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126690Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:54.403{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126689Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:54.387{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126688Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:54.387{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126687Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:54.387{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126686Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:54.387{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126685Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:54.387{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126629Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:53.364{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126628Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:53.364{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126627Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:53.364{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126626Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:53.364{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126625Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:53.364{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126624Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:53.364{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126623Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:53.364{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126622Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:53.364{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126621Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:53.364{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126566Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:52.351{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126565Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:52.351{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126564Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:52.351{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126563Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:52.351{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126562Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:52.351{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126561Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:52.351{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126560Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:52.351{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126559Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:52.351{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126558Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:52.351{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126503Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:51.341{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126502Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:51.341{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126501Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:51.341{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126500Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:51.341{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126499Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:51.341{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126498Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:51.341{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126497Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:51.341{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126496Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:51.341{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126495Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:51.325{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126440Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:50.298{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126428Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:50.298{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126426Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:50.298{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126422Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:50.298{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126416Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:50.298{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126409Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:50.298{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126397Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:50.298{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126391Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:50.298{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126385Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:50.298{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126323Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:49.271{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126322Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:49.270{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126321Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:49.270{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126320Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:49.270{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126319Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:49.268{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126318Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:49.268{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126317Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:49.268{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126316Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:49.267{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126315Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:49.267{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126259Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:48.245{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126258Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:48.245{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126257Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:48.245{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126256Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:48.245{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126255Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:48.245{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126254Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:48.245{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126253Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:48.245{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126252Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:48.245{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126251Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:48.245{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126196Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:47.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126195Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:47.239{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126194Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:47.238{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126193Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:47.238{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126192Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:47.238{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126191Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:47.237{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126190Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:47.237{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126189Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:47.236{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126188Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:47.236{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126133Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:46.215{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126132Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:46.215{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126131Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:46.215{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126130Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:46.215{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126129Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:46.215{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126128Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:46.215{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126127Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:46.215{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126126Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:46.215{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126125Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:46.215{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126070Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:45.192{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126069Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:45.192{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126068Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:45.192{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126067Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:45.192{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126066Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:45.192{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126065Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:45.192{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126064Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:45.192{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126063Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:45.192{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126062Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:45.192{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126007Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:44.183{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126006Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:44.183{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126005Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:44.183{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126004Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:44.183{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126003Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:44.183{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126002Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:44.183{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126001Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:44.183{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000126000Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:44.183{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125999Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:44.183{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125944Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:43.173{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125943Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:43.173{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125942Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:43.173{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125941Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:43.173{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125940Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:43.173{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125939Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:43.173{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125938Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:43.173{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125937Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:43.172{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125936Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:43.171{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125878Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:42.161{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125877Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:42.160{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125876Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:42.159{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125875Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:42.159{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125874Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:42.159{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125873Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:42.159{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125872Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:42.158{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125871Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:42.158{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125870Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:42.157{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125812Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:41.137{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125811Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:41.137{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125810Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:41.137{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125809Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:41.137{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125808Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:41.137{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125807Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:41.137{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125806Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:41.137{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125805Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:41.137{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125804Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:41.137{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125749Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:40.114{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125748Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:40.114{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125747Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:40.114{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125746Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:40.114{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125745Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:40.114{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125744Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:40.114{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125743Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:40.114{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125742Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:40.114{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125741Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:40.114{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125671Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:39.092{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125670Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:39.092{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125669Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:39.092{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125668Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:39.092{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125667Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:39.092{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125666Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:39.092{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125665Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:39.092{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125664Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:39.092{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125663Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:39.092{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125600Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:38.072{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125599Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:38.072{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125598Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:38.072{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125597Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:38.072{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125596Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:38.072{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125595Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:38.072{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125594Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:38.072{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125593Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:38.072{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125592Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:38.072{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125536Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:37.047{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125535Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:37.047{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125534Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:37.047{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125533Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:37.047{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125532Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:37.047{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125531Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:37.047{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125530Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:37.047{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125529Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:37.047{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125528Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:37.047{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125456Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:36.031{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125455Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:36.029{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125454Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:36.029{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125452Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:36.029{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125451Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:36.029{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125450Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:36.028{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125449Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:36.027{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125448Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:36.027{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125447Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:36.026{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125384Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:35.011{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125383Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:35.011{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125382Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:35.011{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125381Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:35.011{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125380Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:35.011{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125379Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:35.011{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125378Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:35.011{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125377Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:35.011{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125376Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:35.011{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125321Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:33.975{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125320Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:33.975{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125319Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:33.975{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125318Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:33.975{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125317Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:33.975{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125316Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:33.975{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125315Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:33.975{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125314Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:33.975{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125313Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:33.975{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125258Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:32.951{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125257Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:32.951{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125256Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:32.951{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125255Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:32.951{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125254Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:32.951{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125253Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:32.951{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125252Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:32.951{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125251Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:32.951{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125250Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:32.951{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125195Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:31.927{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125194Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:31.927{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125193Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:31.927{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125192Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:31.927{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125191Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:31.927{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125190Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:31.927{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125189Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:31.927{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125188Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:31.927{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125187Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:31.927{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125131Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:30.914{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125130Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:30.914{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125129Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:30.914{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125128Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:30.914{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125127Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:30.914{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125126Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:30.914{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125125Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:30.914{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125124Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:30.914{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125123Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:30.914{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125068Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:29.899{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125067Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:29.899{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125066Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:29.899{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125065Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:29.899{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125064Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:29.899{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125063Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:29.899{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125062Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:29.899{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125061Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:29.899{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125060Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:29.899{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125005Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:28.883{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125004Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:28.883{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125003Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:28.883{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125002Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:28.883{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125001Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:28.883{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000125000Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:28.883{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124999Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:28.883{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124998Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:28.883{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124997Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:28.883{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124942Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:27.870{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124941Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:27.870{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124940Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:27.870{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124939Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:27.870{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124938Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:27.870{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124937Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:27.870{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124936Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:27.870{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124935Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:27.870{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124934Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:27.870{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124879Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:26.848{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124878Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:26.848{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124877Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:26.848{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124876Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:26.848{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124875Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:26.848{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124874Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:26.848{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124873Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:26.848{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124872Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:26.848{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124871Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:26.848{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124816Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:25.833{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124815Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:25.833{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124814Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:25.833{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124813Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:25.833{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124812Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:25.833{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124811Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:25.833{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124810Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:25.833{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124809Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:25.833{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124808Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:25.833{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124751Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:24.824{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124750Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:24.824{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124749Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:24.824{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124748Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:24.808{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124747Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:24.808{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124746Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:24.808{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124745Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:24.808{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124744Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:24.808{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124743Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:24.808{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124683Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:23.778{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124682Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:23.778{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124681Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:23.778{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124680Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:23.778{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124679Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:23.778{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124678Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:23.778{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124677Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:23.778{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124676Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:23.778{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124675Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:23.778{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124620Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:22.756{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124619Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:22.756{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124618Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:22.756{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124617Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:22.756{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124616Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:22.756{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124615Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:22.756{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124614Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:22.756{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124613Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:22.756{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124612Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:22.756{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124556Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:21.731{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124555Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:21.731{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124554Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:21.731{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124553Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:21.731{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124552Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:21.731{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124551Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:21.731{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124550Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:21.731{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124549Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:21.731{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124548Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:21.731{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124493Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:20.708{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124492Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:20.708{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124491Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:20.708{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124490Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:20.708{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124489Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:20.708{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124488Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:20.708{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124487Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:20.708{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124486Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:20.708{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124485Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:20.708{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124419Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:19.698{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124417Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:19.697{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124416Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:19.697{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124415Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:19.696{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124414Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:19.696{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124413Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:19.695{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124412Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:19.695{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124411Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:19.694{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124410Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:19.694{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124293Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:18.684{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124292Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:18.684{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124291Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:18.684{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124290Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:18.684{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124289Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:18.669{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124288Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:18.669{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124287Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:18.669{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124286Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:18.669{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124285Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:18.669{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124220Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:17.651{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124219Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:17.651{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124218Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:17.651{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124217Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:17.651{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124216Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:17.651{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124215Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:17.651{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124214Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:17.651{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124213Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:17.651{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124212Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:17.651{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124093Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:16.628{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124092Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:16.628{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124091Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:16.628{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124090Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:16.628{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124089Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:16.628{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124088Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:16.628{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124087Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:16.628{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124086Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:16.628{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000124085Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:16.628{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123952Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:15.623{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123951Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:15.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123950Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:15.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123949Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:15.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123948Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:15.604{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123947Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:15.604{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123946Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:15.604{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123945Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:15.604{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123944Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:15.604{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123832Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:14.575{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123831Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:14.575{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123830Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:14.575{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123829Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:14.575{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123828Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:14.559{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123827Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:14.559{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123826Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:14.559{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123825Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:14.559{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123824Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:14.559{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123664Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:13.541{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123663Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:13.541{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123662Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:13.541{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123661Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:13.541{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123660Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:13.541{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123659Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:13.541{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123658Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:13.541{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123657Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:13.541{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123656Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:13.541{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123549Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:12.513{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123548Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:12.513{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123547Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:12.513{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123546Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:12.513{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123545Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:12.513{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123544Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:12.513{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123543Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:12.513{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123542Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:12.513{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123541Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:12.513{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123481Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:11.491{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123480Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:11.491{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123479Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:11.491{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123478Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:11.491{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123477Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:11.491{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123476Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:11.491{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123475Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:11.491{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123474Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:11.491{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123473Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:11.491{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123418Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:10.475{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123417Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:10.475{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123416Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:10.475{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123415Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:10.475{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123414Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:10.475{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123413Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:10.475{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123412Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:10.475{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123411Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:10.475{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123410Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:10.475{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123355Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:09.463{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123354Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:09.463{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123353Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:09.463{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123352Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:09.463{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123351Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:09.447{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123350Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:09.447{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123349Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:09.447{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123348Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:09.447{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123347Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:09.447{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123292Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:08.434{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123291Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:08.434{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123290Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:08.434{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123289Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:08.434{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123288Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:08.434{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123287Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:08.434{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123286Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:08.434{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123285Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:08.419{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123284Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:08.419{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123227Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:07.404{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123226Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:07.389{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123225Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:07.389{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123224Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:07.389{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123223Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:07.389{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123222Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:07.389{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123221Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:07.389{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123220Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:07.389{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123219Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:07.389{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123164Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:06.375{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123163Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:06.375{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123162Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:06.375{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123161Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:06.375{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123160Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:06.375{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123159Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:06.360{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123158Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:06.360{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123157Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:06.360{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123156Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:06.360{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123099Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:05.349{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123098Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:05.349{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123097Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:05.349{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123096Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:05.349{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123095Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:05.349{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123094Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:05.349{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123093Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:05.349{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123092Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:05.349{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123091Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:05.349{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123036Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:04.324{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123035Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:04.324{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123034Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:04.324{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123033Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:04.324{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123032Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:04.324{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123031Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:04.324{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123030Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:04.324{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123029Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:04.324{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000123028Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:04.324{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122973Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:03.314{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122972Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:03.299{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122971Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:03.299{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122970Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:03.299{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122969Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:03.299{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122968Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:03.299{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122967Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:03.299{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122966Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:03.299{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122965Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:03.299{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122908Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:02.284{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122907Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:02.284{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122906Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:02.284{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122905Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:02.284{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122904Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:02.284{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122903Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:02.284{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122902Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:02.284{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122901Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:02.284{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122900Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:02.264{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122845Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:01.239{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122844Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:01.239{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122843Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:01.239{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122842Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:01.239{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122841Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:01.239{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122840Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:01.239{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122839Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:01.239{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122838Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:01.239{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122837Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:01.239{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122782Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:00.223{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122781Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:00.223{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122780Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:00.223{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122779Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:00.223{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122778Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:00.223{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122777Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:00.223{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122776Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:00.223{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122775Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:00.223{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122774Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:07:00.223{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122704Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:59.203{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122703Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:59.203{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122702Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:59.203{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122701Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:59.203{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122700Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:59.203{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122699Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:59.203{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122698Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:59.203{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122697Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:59.203{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122696Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:59.203{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122634Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:58.179{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122633Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:58.179{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122632Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:58.179{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122631Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:58.179{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122630Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:58.179{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122629Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:58.179{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122628Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:58.179{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122627Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:58.179{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122626Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:58.179{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122571Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:57.158{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122570Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:57.158{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122569Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:57.158{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122568Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:57.158{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122567Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:57.158{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122566Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:57.158{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122565Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:57.158{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122564Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:57.158{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122563Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:57.158{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122499Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:56.144{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122498Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:56.142{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122497Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:56.142{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122496Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:56.142{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122495Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:56.141{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122494Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:56.141{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122493Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:56.140{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122492Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:56.140{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122491Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:56.134{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122418Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:55.114{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122417Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:55.114{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122416Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:55.114{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122415Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:55.114{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122414Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:55.114{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122413Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:55.114{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122412Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:55.114{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122411Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:55.114{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122410Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:55.114{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122355Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:54.099{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122354Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:54.083{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122353Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:54.083{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122352Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:54.083{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122351Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:54.083{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122350Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:54.083{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122349Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:54.083{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122348Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:54.083{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122347Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:54.083{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122292Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:53.054{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122291Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:53.054{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122290Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:53.054{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122289Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:53.039{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122288Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:53.039{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122287Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:53.039{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122286Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:53.039{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122285Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:53.039{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122284Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:53.039{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122228Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:52.019{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122227Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:52.019{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122226Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:52.019{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122225Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:52.019{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122224Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:52.019{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122223Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:52.019{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122222Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:52.019{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122221Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:52.019{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122220Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:52.019{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122165Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:51.007{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122164Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:51.007{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122163Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:51.007{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122162Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:51.007{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122161Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:51.007{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122160Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:51.007{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122159Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:51.007{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122158Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:51.007{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122157Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:51.007{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122102Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:49.985{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122101Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:49.985{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122100Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:49.985{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122099Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:49.985{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122098Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:49.985{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122097Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:49.985{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122096Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:49.985{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122095Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:49.985{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122094Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:49.985{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122039Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:48.957{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122038Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:48.957{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122037Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:48.957{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122036Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:48.957{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122035Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:48.957{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122034Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:48.957{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122033Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:48.957{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122032Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:48.957{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000122031Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:48.957{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121976Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:47.936{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121975Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:47.936{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121974Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:47.936{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121973Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:47.936{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121972Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:47.920{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121971Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:47.920{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121970Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:47.920{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121969Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:47.920{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121968Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:47.920{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121911Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:46.915{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121910Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:46.915{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121909Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:46.915{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121908Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:46.915{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121907Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:46.900{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121906Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:46.900{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121905Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:46.900{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121904Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:46.900{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121903Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:46.900{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121847Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:45.886{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121835Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:45.885{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121833Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:45.885{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121829Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:45.885{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121821Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:45.883{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121817Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:45.880{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121796Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:45.878{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121790Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:45.877{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121786Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:45.877{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121730Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:44.863{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121729Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:44.863{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121728Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:44.863{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121727Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:44.863{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121726Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:44.863{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121725Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:44.863{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121724Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:44.863{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121723Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:44.862{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121722Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:44.861{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121667Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:43.843{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121666Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:43.843{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121665Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:43.843{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121664Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:43.843{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121663Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:43.843{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121662Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:43.843{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121661Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:43.843{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121660Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:43.843{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121659Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:43.843{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121604Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:42.828{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121603Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:42.828{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121602Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:42.828{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121601Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:42.828{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121600Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:42.828{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121599Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:42.828{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121598Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:42.828{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121597Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:42.828{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121596Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:42.828{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121538Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:41.807{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121537Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:41.805{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121536Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:41.804{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121535Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:41.802{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121534Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:41.801{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121533Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:41.801{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121532Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:41.800{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121531Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:41.797{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121530Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:41.796{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121472Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:40.769{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121471Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:40.767{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121470Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:40.767{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121469Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:40.767{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121468Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:40.767{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121467Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:40.767{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121466Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:40.766{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121465Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:40.766{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121464Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:40.765{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121409Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:39.748{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121408Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:39.747{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121407Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:39.747{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121406Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:39.747{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121405Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:39.746{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121404Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:39.746{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121403Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:39.745{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121402Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:39.744{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121401Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:39.744{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121326Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:38.736{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121325Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:38.735{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121324Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:38.735{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121323Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:38.734{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121322Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:38.721{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121321Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:38.721{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121320Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:38.720{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121319Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:38.720{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121318Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:38.720{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121260Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:37.708{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121259Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:37.707{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121258Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:37.707{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121257Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:37.707{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121256Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:37.707{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121255Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:37.706{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121254Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:37.706{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121253Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:37.705{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121252Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:37.705{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121197Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:36.687{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121196Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:36.687{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121195Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:36.687{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121194Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:36.687{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121193Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:36.687{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121192Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:36.687{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121191Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:36.687{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121190Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:36.687{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121189Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:36.687{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121108Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:35.671{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121107Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:35.670{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121106Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:35.670{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121105Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:35.670{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121104Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:35.667{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121103Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:35.667{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121102Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:35.666{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121101Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:35.666{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121100Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:35.665{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121044Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:34.650{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121043Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:34.649{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121042Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:34.649{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121041Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:34.649{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121040Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:34.648{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121039Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:34.647{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121038Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:34.647{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121037Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:34.646{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000121036Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:34.646{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120981Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:33.638{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120980Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:33.637{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120979Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:33.636{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120978Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:33.636{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120977Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:33.636{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120976Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:33.635{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120975Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:33.635{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120974Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:33.634{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120973Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:33.633{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120918Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:32.613{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120917Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:32.598{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120916Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:32.598{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120915Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:32.598{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120914Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:32.598{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120913Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:32.598{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120912Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:32.598{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120911Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:32.598{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120910Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:32.598{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120855Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:31.574{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120854Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:31.574{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120853Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:31.574{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120852Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:31.574{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120851Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:31.574{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120850Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:31.574{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120849Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:31.574{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120848Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:31.574{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120847Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:31.574{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120792Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:30.548{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120791Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:30.548{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120790Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:30.548{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120789Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:30.548{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120788Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:30.548{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120787Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:30.548{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120786Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:30.548{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120785Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:30.548{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120784Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:30.548{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120729Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:29.532{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120728Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:29.532{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120727Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:29.532{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120726Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:29.532{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120725Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:29.532{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120724Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:29.532{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120723Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:29.532{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120722Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:29.532{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120721Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:29.532{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120665Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:28.515{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120664Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:28.515{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120663Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:28.515{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120662Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:28.515{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120661Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:28.515{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120660Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:28.515{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120659Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:28.515{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120658Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:28.515{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120657Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:28.498{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120600Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:27.476{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120599Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:27.476{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120598Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:27.476{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120597Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:27.476{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120596Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:27.476{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120595Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:27.476{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120594Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:27.476{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120593Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:27.476{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120592Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:27.476{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120537Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:26.463{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120536Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:26.463{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120535Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:26.463{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120534Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:26.463{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120533Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:26.463{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120532Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:26.463{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120531Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:26.463{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120530Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:26.463{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120529Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:26.463{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120474Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:25.442{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120473Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:25.442{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120472Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:25.442{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120471Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:25.442{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120470Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:25.442{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120469Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:25.442{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120468Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:25.442{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120467Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:25.442{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120466Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:25.442{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120411Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:24.427{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120410Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:24.427{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120409Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:24.427{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120408Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:24.427{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120407Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:24.427{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120406Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:24.427{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120405Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:24.427{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120404Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:24.427{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120403Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:24.427{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120347Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:23.405{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120346Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:23.405{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120345Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:23.405{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120344Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:23.405{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120343Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:23.405{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120342Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:23.405{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120341Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:23.405{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120340Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:23.405{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120339Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:23.405{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120283Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:22.379{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120282Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:22.379{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120281Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:22.379{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120280Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:22.379{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120279Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:22.379{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120278Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:22.379{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120277Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:22.379{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120276Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:22.379{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120275Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:22.379{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120216Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:21.373{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120215Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:21.357{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120214Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:21.357{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120213Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:21.357{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120212Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:21.357{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120211Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:21.357{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120210Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:21.357{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120209Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:21.357{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120208Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:21.357{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120148Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:20.333{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120147Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:20.333{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120146Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:20.333{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120145Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:20.333{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120144Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:20.333{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120143Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:20.333{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120142Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:20.333{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120141Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:20.333{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120140Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:20.333{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120009Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:19.314{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120008Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:19.314{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120007Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:19.314{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120006Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:19.314{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120005Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:19.314{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120004Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:19.314{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120003Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:19.314{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120002Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:19.314{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000120001Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:19.314{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000119882Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:18.298{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000119880Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:18.298{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000119879Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:18.298{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000119878Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:18.298{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000119877Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:18.298{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000119876Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:18.298{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000119875Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:18.297{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000119874Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:18.297{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000119872Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:18.287{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000119811Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:17.276{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000119810Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:17.276{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000119809Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:17.276{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000119808Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:17.276{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000119807Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:17.276{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000119806Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:17.276{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000119805Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:17.276{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000119804Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:17.276{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000119803Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:17.276{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000119634Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:16.260{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000119633Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:16.258{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000119632Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:16.258{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000119631Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:16.258{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000119630Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:16.254{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000119629Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:16.253{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000119628Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:16.253{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000119627Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:16.252{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000119626Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:16.248{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000119488Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:15.215{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000119487Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:15.215{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000119486Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:15.215{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000119485Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:15.215{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000119484Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:15.215{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000119483Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:15.215{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000119482Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:15.215{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000119481Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:15.215{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000119480Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:15.215{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000119359Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:14.198{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000119358Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:14.182{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000119357Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:14.182{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000119356Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:14.182{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000119355Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:14.182{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000119354Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:14.182{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000119353Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:14.182{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000119352Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:14.182{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000119351Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:14.182{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000119289Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:13.176{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000119288Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:13.176{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000119287Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:13.176{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000119286Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:13.176{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000119285Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:13.176{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000119284Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:13.176{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000119283Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:13.175{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000119282Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:13.159{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000119281Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:13.159{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000119154Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:12.142{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000119152Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:12.142{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000119151Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:12.142{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000119150Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:12.142{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000119149Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:12.142{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000119148Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:12.142{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000119147Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:12.142{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000119146Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:12.142{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000119145Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:12.142{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000119053Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:11.108{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000119052Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:11.108{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000119051Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:11.108{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000119050Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:11.108{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000119049Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:11.108{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000119048Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:11.108{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000119047Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:11.092{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000119046Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:11.092{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000119045Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:11.092{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118990Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:10.073{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118989Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:10.073{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118988Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:10.073{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118987Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:10.073{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118986Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:10.073{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118985Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:10.073{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118984Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:10.073{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118983Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:10.073{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118982Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:10.073{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118892Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:09.052{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118891Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:09.052{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118890Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:09.052{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118889Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:09.052{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118888Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:09.052{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118887Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:09.052{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118886Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:09.052{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118885Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:09.052{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118884Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:09.052{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118828Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:08.032{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118827Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:08.032{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118826Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:08.032{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118825Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:08.032{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118824Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:08.032{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118823Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:08.032{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118822Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:08.032{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118821Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:08.032{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118820Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:08.032{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118764Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:07.017{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118763Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:07.017{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118762Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:07.017{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118761Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:07.017{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118760Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:07.017{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118759Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:07.017{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118758Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:07.017{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118757Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:07.017{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118756Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:07.017{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118701Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:06.004{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118700Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:06.004{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118699Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:06.004{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118698Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:06.004{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118697Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:05.988{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118696Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:05.988{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118695Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:05.988{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118694Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:05.988{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118693Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:05.988{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118638Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:04.984{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118637Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:04.984{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118636Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:04.968{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118635Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:04.968{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118634Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:04.968{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118633Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:04.968{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118632Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:04.968{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118631Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:04.968{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118630Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:04.968{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118575Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:03.948{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118574Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:03.948{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118573Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:03.948{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118572Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:03.948{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118571Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:03.948{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118570Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:03.948{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118569Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:03.948{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118568Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:03.948{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118567Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:03.948{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118512Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:02.932{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118511Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:02.916{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118510Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:02.916{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118509Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:02.916{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118508Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:02.916{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118507Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:02.916{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118506Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:02.916{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118505Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:02.916{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118504Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:02.916{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118448Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:01.899{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118447Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:01.899{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118446Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:01.899{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118445Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:01.899{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118444Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:01.899{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118443Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:01.899{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118442Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:01.899{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118441Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:01.899{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118440Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:01.899{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118383Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:00.882{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118382Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:00.882{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118381Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:00.882{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118380Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:00.882{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118379Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:00.882{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118378Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:00.882{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118377Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:00.882{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118376Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:00.882{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118375Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:06:00.882{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118320Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:59.871{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118319Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:59.871{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118318Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:59.871{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118317Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:59.871{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118316Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:59.871{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118315Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:59.871{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118314Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:59.871{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118313Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:59.871{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118312Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:59.871{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118237Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:58.847{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118236Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:58.847{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118235Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:58.847{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118234Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:58.847{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118233Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:58.847{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118232Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:58.847{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118231Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:58.847{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118230Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:58.847{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118228Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:58.847{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118166Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:57.826{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118165Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:57.826{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118164Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:57.826{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118163Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:57.826{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118162Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:57.826{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118161Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:57.826{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118160Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:57.826{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118159Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:57.826{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118158Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:57.826{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118103Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:56.817{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118102Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:56.817{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118101Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:56.817{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118100Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:56.817{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118099Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:56.817{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118098Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:56.802{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118097Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:56.802{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118096Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:56.802{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118095Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:56.802{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118015Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:55.788{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118014Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:55.786{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118013Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:55.786{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118012Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:55.786{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118011Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:55.784{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118010Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:55.783{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118009Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:55.783{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118008Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:55.783{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000118007Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:55.782{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117950Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:54.755{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117949Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:54.755{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117948Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:54.755{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117947Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:54.755{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117946Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:54.755{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117945Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:54.755{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117944Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:54.755{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117943Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:54.755{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117942Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:54.755{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117887Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:53.741{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117886Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:53.741{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117885Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:53.741{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117884Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:53.741{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117883Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:53.741{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117882Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:53.741{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117881Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:53.741{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117880Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:53.741{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117879Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:53.725{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117824Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:52.706{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117823Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:52.706{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117822Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:52.706{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117821Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:52.706{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117820Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:52.706{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117819Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:52.706{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117818Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:52.706{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117817Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:52.706{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117816Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:52.706{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117761Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:51.689{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117760Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:51.689{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117759Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:51.689{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117758Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:51.689{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117757Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:51.689{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117756Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:51.689{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117755Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:51.689{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117754Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:51.689{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117753Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:51.689{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117697Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:50.660{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117696Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:50.660{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117695Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:50.660{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117694Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:50.660{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117693Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:50.660{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117692Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:50.660{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117691Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:50.660{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117690Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:50.660{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117689Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:50.660{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117632Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:49.628{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117631Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:49.628{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117630Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:49.628{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117629Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:49.628{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117628Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:49.628{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117627Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:49.628{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117626Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:49.628{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117625Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:49.628{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117624Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:49.628{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117569Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:48.615{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117568Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:48.615{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117567Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:48.615{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117566Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:48.615{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117565Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:48.615{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117564Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:48.615{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117563Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:48.615{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117562Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:48.599{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117561Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:48.599{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117506Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:47.583{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117505Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:47.583{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117504Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:47.583{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117503Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:47.583{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117502Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:47.583{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117501Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:47.583{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117500Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:47.583{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117499Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:47.583{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117498Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:47.583{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117443Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:46.557{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117442Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:46.557{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117441Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:46.557{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117440Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:46.557{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117439Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:46.557{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117438Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:46.557{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117437Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:46.557{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117436Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:46.557{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117435Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:46.557{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117380Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:45.541{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117379Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:45.541{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117378Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:45.541{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117377Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:45.541{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117376Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:45.541{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117375Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:45.541{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117374Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:45.541{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117373Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:45.541{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117372Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:45.541{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117316Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:44.531{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117315Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:44.515{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117314Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:44.515{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117313Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:44.515{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117312Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:44.515{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117311Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:44.515{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117310Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:44.515{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117309Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:44.515{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117308Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:44.515{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117251Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:43.492{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117250Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:43.492{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117249Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:43.492{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117248Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:43.492{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117247Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:43.492{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117246Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:43.492{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117245Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:43.492{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117244Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:43.492{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117243Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:43.492{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117187Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:42.483{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117186Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:42.483{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117185Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:42.483{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117184Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:42.483{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117183Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:42.483{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117182Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:42.483{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117181Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:42.468{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117180Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:42.468{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117179Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:42.468{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117068Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:41.453{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117067Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:41.437{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117066Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:41.437{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117065Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:41.437{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117064Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:41.437{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117063Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:41.437{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117062Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:41.437{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117061Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:41.437{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117060Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:41.437{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117004Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:40.422{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117003Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:40.422{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117002Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:40.406{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117001Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:40.406{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000117000Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:40.406{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116999Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:40.406{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116998Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:40.406{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116997Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:40.406{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116996Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:40.406{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116995Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:40.406{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116924Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:39.384{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116923Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:39.384{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116922Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:39.384{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116921Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:39.384{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116920Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:39.384{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116919Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:39.384{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116918Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:39.384{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116917Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:39.384{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116916Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:39.384{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116915Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:39.384{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116850Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:38.364{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116849Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:38.364{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116848Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:38.364{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116847Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:38.364{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116846Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:38.364{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116845Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:38.364{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116844Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:38.364{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116843Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:38.349{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116842Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:38.349{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116841Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:38.349{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116784Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:37.334{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116783Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:37.334{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116782Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:37.334{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116781Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:37.334{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116780Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:37.334{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116779Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:37.334{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116778Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:37.334{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116777Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:37.334{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116776Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:37.334{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116775Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:37.334{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116710Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:36.319{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116709Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:36.318{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116708Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:36.317{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116707Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:36.316{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116706Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:36.316{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116705Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:36.315{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116704Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:36.315{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116703Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:36.314{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116702Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:36.314{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116701Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:36.314{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116627Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:35.290{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116626Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:35.290{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116625Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:35.290{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116624Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:35.290{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116623Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:35.290{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116622Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:35.290{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116621Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:35.290{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116620Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:35.290{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116619Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:35.290{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116618Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:35.290{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116562Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:34.285{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116561Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:34.285{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116560Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:34.285{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116559Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:34.285{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116558Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:34.285{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116557Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:34.270{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116556Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:34.270{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116555Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:34.270{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116554Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:34.270{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116553Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:34.270{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116496Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:33.265{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116495Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:33.265{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116494Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:33.263{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116493Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:33.263{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116492Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:33.263{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116491Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:33.262{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116490Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:33.262{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116489Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:33.262{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116488Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:33.261{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116487Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:33.261{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116431Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:32.239{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116430Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:32.239{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116429Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:32.239{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116428Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:32.239{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116427Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:32.239{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116426Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:32.239{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116425Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:32.239{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116424Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:32.239{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116423Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:32.239{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116422Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:32.239{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116366Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:31.217{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116365Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:31.217{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116364Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:31.217{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116363Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:31.217{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116362Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:31.217{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116361Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:31.217{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116360Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:31.217{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116359Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:31.217{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116358Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:31.217{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116357Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:31.217{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116292Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:30.205{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116291Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:30.205{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116290Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:30.205{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116289Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:30.205{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116288Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:30.205{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116287Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:30.205{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116286Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:30.205{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116285Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:30.205{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116284Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:30.205{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000116283Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:30.205{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000113907Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:29.196{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000113906Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:29.196{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000113905Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:29.196{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000113904Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:29.196{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000113903Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:29.196{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000113902Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:29.196{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000113901Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:29.196{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000113900Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:29.196{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000113899Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:29.196{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000113898Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:29.196{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000113482Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:28.189{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000113481Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:28.188{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000113480Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:28.182{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000113479Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:28.182{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000113478Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:28.182{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000113477Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:28.182{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000113476Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:28.182{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000113475Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:28.177{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000113474Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:28.177{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000113473Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:28.176{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000113126Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:27.152{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000113123Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:27.136{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000113122Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:27.136{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000113121Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:27.136{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000113120Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:27.136{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000113119Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:27.136{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000113118Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:27.136{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000113117Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:27.136{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000113116Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:27.136{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000113115Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:27.136{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000112641Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:26.121{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000112640Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:26.121{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000112639Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:26.121{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000112638Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:26.121{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000112637Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:26.121{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000112636Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:26.121{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000112635Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:26.121{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000112634Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:26.121{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000112633Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:26.106{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000112632Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:26.106{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000112413Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:25.079{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000112412Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:25.079{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000112411Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:25.079{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000112410Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:25.079{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000112409Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:25.079{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000112408Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:25.079{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000112407Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:25.079{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000112406Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:25.079{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000112405Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:25.079{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000112404Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:25.064{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000112137Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:24.044{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000112136Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:24.044{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000112135Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:24.029{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000112134Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:24.029{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000112133Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:24.029{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000112132Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:24.029{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000112131Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:24.029{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000112130Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:24.029{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000112129Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:24.029{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000112128Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:24.029{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000112055Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:22.986{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000112054Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:22.986{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000112053Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:22.986{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000112052Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:22.986{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000112051Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:22.986{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000112050Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:22.986{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000112049Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:22.986{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000112048Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:22.986{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000112047Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:22.986{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000112046Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:22.986{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000111807Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:21.967{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000111806Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:21.967{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000111805Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:21.967{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000111804Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:21.967{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000111803Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:21.967{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000111802Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:21.967{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000111801Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:21.967{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000111800Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:21.967{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000111799Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:21.967{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000111798Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:21.967{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000111734Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:20.947{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000111733Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:20.947{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000111732Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:20.947{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000111731Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:20.947{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000111730Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:20.947{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000111729Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:20.947{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000111728Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:20.947{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000111727Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:20.947{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000111726Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:20.947{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000111725Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:20.947{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000111486Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:19.928{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000111485Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:19.928{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000111484Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:19.928{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000111483Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:19.928{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000111482Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:19.928{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000111481Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:19.928{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000111480Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:19.928{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000111479Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:19.928{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000111478Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:19.928{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000111477Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:19.928{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000111333Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:18.905{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000111332Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:18.905{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000111331Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:18.905{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000111330Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:18.905{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000111329Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:18.905{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000111328Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:18.905{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000111327Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:18.905{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000111326Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:18.905{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000111325Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:18.905{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000111324Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:18.905{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000111092Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:17.890{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000111091Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:17.890{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000111087Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:17.881{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000111086Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:17.881{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000111085Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:17.881{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000111084Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:17.878{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000111083Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:17.878{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000111082Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:17.877{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000111081Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:17.877{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000111080Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:17.873{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000110741Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:16.840{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000110740Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:16.840{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000110739Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:16.840{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000110738Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:16.840{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000110737Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:16.840{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000110736Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:16.840{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000110735Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:16.840{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000110734Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:16.840{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000110732Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:16.840{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000110730Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:16.840{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000110461Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:15.839{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000110460Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:15.839{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000110458Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:15.836{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000110457Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:15.835{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000110456Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:15.835{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000110455Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:15.835{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000110454Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:15.835{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000110453Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:15.834{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000110452Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:15.834{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000110451Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:15.833{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000110278Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:14.808{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000110277Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:14.808{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000110276Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:14.808{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000110275Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:14.808{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000110274Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:14.808{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000110273Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:14.808{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000110272Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:14.808{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000110271Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:14.808{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000110270Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:14.808{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000110269Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:14.808{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000110010Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:13.790{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000110009Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:13.790{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000110008Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:13.790{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000110007Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:13.790{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000110006Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:13.790{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000110005Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:13.790{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000110004Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:13.790{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000110003Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:13.790{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000110002Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:13.774{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000110001Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:13.774{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000109795Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:12.750{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000109794Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:12.750{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000109793Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:12.750{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000109792Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:12.750{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000109791Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:12.750{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000109790Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:12.750{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000109789Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:12.750{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000109788Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:12.750{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000109787Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:12.750{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000109786Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:12.750{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000109393Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:11.738{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000109392Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:11.738{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000109391Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:11.733{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000109390Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:11.733{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000109389Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:11.717{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000109388Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:11.717{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000109387Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:11.717{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000109386Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:11.717{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000109385Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:11.717{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000109384Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:11.717{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000109116Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:10.676{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000109115Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:10.676{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000109114Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:10.675{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000109113Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:10.674{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000109112Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:10.674{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000109111Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:10.674{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000109110Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:10.674{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000109109Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:10.673{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000109108Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:10.673{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000109107Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:10.673{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000108775Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:09.663{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000108774Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:09.662{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000108773Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:09.660{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000108772Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:09.660{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000108771Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:09.660{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000108767Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:09.658{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000108765Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:09.658{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000108764Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:09.657{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000108763Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:09.656{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000108762Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:09.654{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000108304Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:08.634{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000108303Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:08.634{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000108300Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:08.619{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000108298Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:08.619{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000108296Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:08.619{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000108293Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:08.619{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000108292Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:08.619{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000108291Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:08.619{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000108288Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:08.619{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000108280Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:08.619{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000108093Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:07.605{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000108092Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:07.605{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000108091Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:07.605{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000108090Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:07.605{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000108089Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:07.605{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000108088Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:07.605{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000108087Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:07.605{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000108086Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:07.605{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000108085Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:07.605{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000108084Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:07.605{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000107880Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:06.585{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000107879Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:06.585{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000107878Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:06.585{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000107877Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:06.585{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000107876Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:06.585{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000107875Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:06.585{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000107874Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:06.585{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000107873Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:06.585{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000107872Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:06.585{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000107871Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:06.585{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000107585Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:05.561{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000107584Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:05.561{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000107583Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:05.561{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000107582Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:05.561{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000107581Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:05.561{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000107580Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:05.561{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000107579Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:05.561{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000107578Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:05.561{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000107577Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:05.561{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000107576Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:05.561{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 734700x8000000000000000107573Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:05.530{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\dnsapi.dll10.0.14393.4350 (rs1_release.210407-2154)DNS Client API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationdnsapiMD5=FEC73B133C8A34087EF9E872CD1CD45E,SHA256=4BF805F38A47FAFE9E039DE56DD1B9E36B40561C6D3FD3C75907F35CAA91D9A6,IMPHASH=228F99E8B005CFF18296089AF6DEA022trueMicrosoft WindowsValid 10341000x8000000000000000107496Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:04.537{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000107495Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:04.537{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000107494Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:04.537{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000107493Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:04.537{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000107492Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:04.537{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000107491Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:04.537{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000107490Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:04.537{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000107489Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:04.537{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000107488Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:04.537{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000107487Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:04.537{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000107289Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:03.526{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000107288Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:03.525{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000107286Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:03.524{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000107285Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:03.524{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000107284Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:03.524{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000107283Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:03.523{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000107282Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:03.523{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000107281Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:03.523{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000107278Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:03.522{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000107277Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:03.514{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106946Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:02.506{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106945Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:02.506{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106944Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:02.506{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106943Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:02.506{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106942Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:02.506{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106941Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:02.506{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106940Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:02.506{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106939Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:02.506{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106938Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:02.506{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106937Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:02.506{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106872Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:01.462{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106871Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:01.462{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106870Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:01.462{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106869Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:01.462{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106868Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:01.462{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106867Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:01.462{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106866Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:01.462{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106865Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:01.462{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106864Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:01.462{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106863Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:01.462{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106803Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:00.422{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106802Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:00.422{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106801Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:00.422{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106800Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:00.422{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106799Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:00.422{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106798Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:00.422{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106797Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:00.422{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106796Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:00.422{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106795Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:00.422{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106794Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:05:00.422{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106728Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:59.411{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106727Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:59.411{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106726Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:59.411{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106725Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:59.411{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106724Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:59.411{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106723Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:59.411{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106722Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:59.411{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106721Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:59.411{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106720Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:59.411{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106719Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:59.411{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 734700x8000000000000000106626Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:58.519{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\nsi.dll10.0.14393.3297 (rs1_release_1.191001-1045)NSI User-mode interface DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationnsi.dllMD5=CDDE3316B3736A9613F31610AC137C9E,SHA256=545CD6206CC1CD22A7CE8B4845CFCE3E06AAD97D4334588A52F0F143CC8AD171,IMPHASH=5C77750BF609660A7729B242FA74E98CtrueMicrosoft WindowsValid 734700x8000000000000000106625Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:58.519{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\winnsi.dll10.0.14393.2339 (rs1_release_inmarket.180611-1502)Network Store Information RPC interfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationwinnsi.dllMD5=5777A6C6196919EBE8B73B273DF5FAF6,SHA256=062F973C688650068FD4B3E2EB0E474CE204120ED3E18CDC341C0A3E528C7839,IMPHASH=DC23FFFD2EBC3578D9A77CC0B9DC22C2trueMicrosoft WindowsValid 734700x8000000000000000106624Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:58.503{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\mswsock.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft Windows Sockets 2.0 Service ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationmswsock.dllMD5=F18662FD1BCB04019CA35313C7BD1AB0,SHA256=44968455D3EEA914958BF90A83BA9311E9311676C32D8D46BB6109DF655738A4,IMPHASH=3BCAD7DA03A0242A2A34491F77EA8067trueMicrosoft WindowsValid 734700x8000000000000000106623Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:58.503{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\winhttp.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)Windows HTTP ServicesMicrosoft® Windows® Operating SystemMicrosoft Corporationwinhttp.dllMD5=8F6507E78B57C5C15C125EF3904F4A68,SHA256=213845D780A00F05ED859C2B2D257085E7100817F135D3CDB299874D402C0B53,IMPHASH=D569F6E4A4CC77554BFC5FE46045DA9AtrueMicrosoft WindowsValid 734700x8000000000000000106622Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:58.487{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\IPHLPAPI.DLL10.0.14393.2339 (rs1_release_inmarket.180611-1502)IP Helper APIMicrosoft® Windows® Operating SystemMicrosoft Corporationiphlpapi.dllMD5=380F0481E3BA9EA699BB6F674A500745,SHA256=ED5F6D3E1F27292480800E540E5F60CF8E8A157B52AC47ACA8B81F57F63F30F0,IMPHASH=2B9681B9C7B5E00CD2814399F4685385trueMicrosoft WindowsValid 734700x8000000000000000106621Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:58.487{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\OnDemandConnRouteHelper.dll10.0.14393.0 (rs1_release.160715-1616)On Demand Connctiond Route HelperMicrosoft® Windows® Operating SystemMicrosoft CorporationOnDemandConnRouteHelper.dllMD5=DF275C9659ED8215695B572A8CE17FBC,SHA256=D8F3C962E828201B361A6F634412B7BE25EC1BD3F848F259E3C996BB9572B0FB,IMPHASH=BBDB119EC3E50CDEAA84B3E28AC52C3DtrueMicrosoft WindowsValid 734700x8000000000000000106618Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:58.487{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\rsaenh.dll10.0.14393.4467 (rs1_release.210604-1844)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=857A10F193FD44C58B11C90F04C4E62D,SHA256=33AB6056C7DED486E75E1D410233354A8BC326E4ABE95DF5566F68283014587B,IMPHASH=34AF29CE553D01A9CE643682A40D7CB5trueMicrosoft WindowsValid 734700x8000000000000000106617Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:58.487{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\cryptsp.dll10.0.14393.2457 (rs1_release_inmarket.180822-1743)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=940907E5BEF86AF8B1D4C6FF2A98061E,SHA256=6F87C4B18D0A22A7A01C3F2176A18229B78106C9A7FC3F878892F0FD9706040C,IMPHASH=789B4484C292CAC32E0806DEE3E8734AtrueMicrosoft WindowsValid 10341000x8000000000000000106615Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:58.394{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106614Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:58.394{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106613Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:58.394{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106612Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:58.394{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106611Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:58.394{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106610Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:58.394{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106609Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:58.394{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106608Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:58.394{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106607Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:58.394{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106606Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:58.394{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106452Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:57.358{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106451Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:57.358{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106448Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:57.358{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106447Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:57.358{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106446Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:57.358{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106445Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:57.358{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106444Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:57.358{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106443Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:57.358{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106442Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:57.358{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106441Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:57.358{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106236Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:56.331{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106235Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:56.331{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106234Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:56.331{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106233Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:56.331{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106232Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:56.331{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106231Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:56.331{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106230Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:56.331{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106229Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:56.331{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106228Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:56.331{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106227Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:56.331{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106011Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:55.306{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106010Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:55.306{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106009Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:55.306{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106008Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:55.306{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106007Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:55.306{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106006Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:55.306{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106005Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:55.306{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106004Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:55.306{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106003Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:55.306{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000106002Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:55.306{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000105812Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:54.292{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000105811Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:54.292{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000105810Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:54.292{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000105809Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:54.292{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000105808Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:54.292{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000105807Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:54.292{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000105805Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:54.292{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000105804Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:54.292{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000105803Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:54.292{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000105802Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:54.292{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000105417Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:53.270{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000105416Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:53.270{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000105415Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:53.270{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000105414Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:53.270{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000105413Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:53.270{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000105412Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:53.270{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000105411Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:53.270{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000105410Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:53.270{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000105409Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:53.270{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000105408Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:53.270{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000105194Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:52.254{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000105193Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:52.254{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000105192Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:52.254{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000105191Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:52.254{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000105190Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:52.254{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000105189Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:52.254{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000105188Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:52.254{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000105187Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:52.254{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000105186Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:52.254{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000105185Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:52.254{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000104836Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:51.235{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000104835Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:51.235{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000104834Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:51.235{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000104833Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:51.235{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000104832Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:51.235{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000104831Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:51.235{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000104830Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:51.235{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000104829Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:51.235{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000104828Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:51.235{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000104827Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:51.235{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000104677Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:50.235{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000104675Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:50.234{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000104671Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:50.233{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000104670Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:50.233{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000104669Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:50.233{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000104667Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:50.232{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000104665Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:50.232{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000104663Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:50.231{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000104660Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:50.231{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000104659Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:50.230{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000104396Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:49.211{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000104395Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:49.211{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000104394Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:49.211{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000104393Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:49.211{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000104392Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:49.211{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000104391Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:49.211{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000104390Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:49.211{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000104389Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:49.211{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000104388Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:49.211{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000104386Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:49.211{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000104011Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:48.190{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000104010Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:48.190{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000104009Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:48.190{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000104008Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:48.190{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000104007Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:48.190{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000104006Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:48.190{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000104005Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:48.190{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000104004Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:48.190{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000104003Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:48.190{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000104002Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:48.190{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000103565Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:47.174{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000103564Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:47.174{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000103563Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:47.172{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000103562Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:47.172{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000103561Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:47.172{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000103560Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:47.171{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000103559Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:47.171{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000103558Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:47.170{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000103557Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:47.170{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000103556Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:47.169{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000103104Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:46.147{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000103103Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:46.147{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000103102Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:46.147{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000103101Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:46.147{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000103100Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:46.147{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000103099Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:46.147{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000103098Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:46.147{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000103097Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:46.147{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000103096Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:46.147{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000103095Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:46.147{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000102716Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:45.132{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000102715Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:45.132{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000102714Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:45.132{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000102713Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:45.132{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000102712Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:45.132{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000102711Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:45.132{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000102710Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:45.132{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000102709Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:45.132{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000102708Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:45.132{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000102707Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:45.132{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000102381Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:44.115{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000102380Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:44.114{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000102379Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:44.113{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000102378Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:44.113{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000102376Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:44.113{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000102375Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:44.112{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000102373Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:44.112{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000102372Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:44.112{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000102370Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:44.112{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000102367Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:44.111{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000101983Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:43.100{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000101982Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:43.100{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000101981Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:43.100{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000101980Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:43.100{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000101979Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:43.100{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000101978Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:43.085{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000101977Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:43.085{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000101976Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:43.085{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000101975Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:43.085{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000101974Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:43.085{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000101645Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:42.070{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000101644Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:42.070{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000101643Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:42.070{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000101642Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:42.070{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000101641Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:42.070{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000101640Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:42.070{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000101639Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:42.070{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000101638Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:42.070{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000101637Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:42.070{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000101636Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:42.070{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000101541Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:41.067{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000101540Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:41.066{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000101538Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:41.065{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000101537Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:41.065{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000101536Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:41.064{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000101535Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:41.063{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000101534Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:41.063{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000101532Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:41.063{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000101531Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:41.056{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000101530Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:41.056{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000101197Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:40.042{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000101195Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:40.042{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000101191Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:40.041{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000101190Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:40.041{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000101189Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:40.040{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000101188Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:40.040{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000101187Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:40.040{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000101186Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:40.039{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000101185Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:40.039{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000101183Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:40.039{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000100747Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:39.021{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000100746Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:39.021{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000100745Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:39.006{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000100744Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:39.006{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000100743Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:39.006{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000100742Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:39.006{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000100741Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:39.006{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000100740Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:39.006{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000100739Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:39.006{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000100738Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:39.006{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000100429Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:37.980{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000100428Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:37.980{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000100427Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:37.980{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000100426Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:37.980{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000100425Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:37.980{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000100424Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:37.980{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000100423Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:37.980{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000100422Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:37.980{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000100421Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:37.980{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000100420Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:37.980{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000100360Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:36.966{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000100359Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:36.966{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000100358Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:36.966{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000100357Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:36.966{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000100356Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:36.966{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000100355Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:36.966{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000100354Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:36.966{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000100353Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:36.966{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000100352Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:36.966{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000100351Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:36.966{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000100281Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:35.951{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000100280Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:35.951{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000100279Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:35.950{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000100278Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:35.949{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000100277Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:35.949{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000100276Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:35.949{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000100275Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:35.949{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000100274Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:35.948{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000100273Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:35.948{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000100272Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:35.947{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000100158Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:34.928{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000100157Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:34.928{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000100156Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:34.928{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000100155Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:34.928{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000100154Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:34.928{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000100153Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:34.928{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000100152Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:34.928{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000100151Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:34.928{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000100150Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:34.928{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000100149Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:34.928{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000099944Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:33.912{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000099943Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:33.912{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000099942Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:33.912{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000099941Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:33.912{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000099940Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:33.912{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000099939Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:33.912{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000099938Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:33.912{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000099937Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:33.912{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000099936Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:33.912{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000099935Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:33.912{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000099691Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:32.900{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000099690Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:32.900{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000099689Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:32.900{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000099688Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:32.900{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000099687Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:32.900{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000099686Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:32.900{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000099685Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:32.900{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000099684Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:32.900{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000099683Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:32.900{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000099682Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:32.900{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000099497Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:31.886{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000099496Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:31.886{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000099495Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:31.886{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000099494Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:31.886{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000099493Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:31.886{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000099492Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:31.886{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000099491Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:31.886{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000099490Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:31.886{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000099489Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:31.886{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000099488Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:31.886{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000099275Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:30.872{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000099274Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:30.872{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000099273Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:30.872{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000099272Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:30.872{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000099271Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:30.872{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000099270Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:30.872{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000099269Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:30.872{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000099268Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:30.872{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000099267Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:30.872{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000099266Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:30.872{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000099075Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:29.856{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000099074Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:29.856{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000099073Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:29.840{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000099072Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:29.840{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000099071Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:29.840{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000099070Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:29.840{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000099069Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:29.840{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000099068Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:29.840{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000099067Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:29.840{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000099066Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:29.840{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000098877Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:28.816{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000098876Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:28.816{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000098875Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:28.816{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000098874Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:28.816{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000098873Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:28.816{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000098872Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:28.816{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000098871Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:28.816{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000098870Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:28.816{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000098869Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:28.816{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000098868Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:28.816{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000098651Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:27.802{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000098650Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:27.802{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000098649Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:27.802{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000098648Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:27.802{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000098647Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:27.802{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000098646Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:27.802{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000098645Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:27.802{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000098644Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:27.802{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000098643Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:27.802{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000098642Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:27.802{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000098501Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:26.786{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000098500Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:26.786{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000098499Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:26.786{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000098498Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:26.786{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000098497Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:26.786{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000098496Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:26.786{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000098495Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:26.786{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000098494Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:26.786{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000098493Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:26.786{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000098492Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:26.786{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000098283Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:25.769{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000098282Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:25.769{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000098281Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:25.769{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000098280Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:25.769{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000098279Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:25.769{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000098278Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:25.769{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000098277Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:25.769{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000098276Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:25.769{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000098275Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:25.769{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000098274Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:25.769{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000098064Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:24.749{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000098063Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:24.749{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000098062Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:24.749{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000098061Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:24.749{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000098060Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:24.749{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000098059Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:24.749{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000098058Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:24.749{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000098057Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:24.749{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000098056Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:24.749{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000098055Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:24.749{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097987Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:23.737{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097986Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:23.737{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097985Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:23.722{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097984Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:23.722{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097983Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:23.722{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097982Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:23.722{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097981Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:23.722{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097980Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:23.722{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097979Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:23.722{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097978Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:23.722{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097916Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:22.702{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097915Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:22.702{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097914Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:22.702{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097913Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:22.702{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097912Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:22.702{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097911Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:22.702{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097910Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:22.702{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097909Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:22.702{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097908Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:22.702{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097907Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:22.702{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097844Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:21.688{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097843Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:21.688{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097842Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:21.688{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097841Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:21.688{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097840Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:21.688{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097839Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:21.688{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097838Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:21.688{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097837Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:21.688{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097836Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:21.688{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097835Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:21.688{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097775Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:20.670{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097774Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:20.670{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097773Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:20.670{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097772Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:20.670{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097771Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:20.670{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097770Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:20.670{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097769Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:20.670{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097768Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:20.670{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097767Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:20.670{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097766Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:20.670{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097698Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:19.651{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097697Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:19.651{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097696Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:19.651{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097695Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:19.651{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097694Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:19.651{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097693Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:19.651{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097692Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:19.651{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097691Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:19.651{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097690Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:19.651{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097689Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:19.651{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097538Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:18.622{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097537Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:18.622{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097536Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:18.622{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097535Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:18.622{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097534Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:18.622{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097533Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:18.622{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097532Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:18.622{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097531Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:18.622{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097530Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:18.622{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097529Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:18.622{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097455Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:17.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097454Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:17.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097453Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:17.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097452Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:17.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097451Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:17.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097450Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:17.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097449Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:17.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097448Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:17.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097447Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:17.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097446Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:17.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097228Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:16.600{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097227Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:16.599{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097226Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:16.598{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097225Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:16.598{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097224Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:16.597{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097222Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:16.597{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097221Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:16.597{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097220Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:16.597{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097219Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:16.596{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000097218Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:16.596{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000096650Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:15.577{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000096649Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:15.577{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000096648Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:15.577{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000096647Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:15.577{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000096646Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:15.577{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000096645Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:15.577{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000096644Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:15.577{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000096643Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:15.577{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000096642Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:15.577{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000096641Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:15.577{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000096276Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:14.555{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000096275Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:14.555{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000096274Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:14.555{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000096273Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:14.555{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000096272Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:14.555{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000096271Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:14.555{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000096270Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:14.555{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000096269Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:14.555{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000096268Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:14.555{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000096267Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:14.555{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000096014Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:13.534{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000096013Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:13.534{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000096012Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:13.534{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000096011Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:13.534{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000096010Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:13.534{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000096009Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:13.534{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000096008Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:13.534{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000096007Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:13.534{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000096006Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:13.534{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000096005Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:13.534{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000095874Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:12.511{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000095873Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:12.511{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000095872Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:12.511{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000095871Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:12.511{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000095870Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:12.511{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000095869Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:12.511{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000095868Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:12.511{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000095867Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:12.511{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000095866Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:12.511{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000095865Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:12.511{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000095755Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:11.485{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000095754Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:11.485{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000095753Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:11.485{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000095752Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:11.485{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000095751Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:11.485{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000095750Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:11.485{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000095749Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:11.485{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000095748Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:11.485{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000095747Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:11.485{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000095746Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:11.485{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000095488Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:10.469{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000095487Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:10.469{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000095486Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:10.469{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000095485Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:10.469{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000095484Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:10.469{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000095483Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:10.469{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000095482Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:10.469{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000095481Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:10.453{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000095480Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:10.453{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000095479Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:10.453{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000095254Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:09.436{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000095253Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:09.436{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000095252Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:09.436{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000095251Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:09.436{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000095250Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:09.436{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000095249Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:09.436{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000095248Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:09.436{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000095247Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:09.436{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000095246Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:09.436{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000095245Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:09.436{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000095047Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:08.423{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000095046Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:08.423{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000095045Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:08.423{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000095044Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:08.423{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000095043Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:08.423{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000095042Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:08.423{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000095041Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:08.423{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000095040Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:08.423{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000095039Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:08.423{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000095038Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:08.423{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000094920Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:07.415{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000094919Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:07.415{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000094918Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:07.415{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000094917Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:07.415{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000094916Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:07.415{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000094915Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:07.415{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000094914Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:07.399{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000094913Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:07.399{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000094912Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:07.399{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000094911Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:07.399{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000094848Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:06.372{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000094847Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:06.357{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000094846Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:06.357{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000094845Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:06.357{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000094844Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:06.357{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000094843Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:06.357{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000094842Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:06.357{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000094841Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:06.357{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000094840Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:06.357{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000094839Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:06.357{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000094723Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:05.353{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000094722Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:05.353{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000094721Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:05.352{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000094720Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:05.352{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000094719Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:05.351{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000094718Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:05.351{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000094717Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:05.351{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000094716Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:05.350{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000094715Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:05.350{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000094714Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:05.349{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000094345Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:04.328{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000094344Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:04.328{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000094343Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:04.328{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000094342Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:04.328{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000094324Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:04.328{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000094322Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:04.312{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000094320Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:04.312{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000094318Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:04.312{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000094317Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:04.312{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000094313Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:04.312{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000094110Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:03.296{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000094109Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:03.296{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000094108Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:03.296{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000094107Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:03.296{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000094106Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:03.296{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000094105Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:03.296{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000094104Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:03.296{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000094103Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:03.296{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000094102Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:03.296{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000094101Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:03.296{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000094041Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:02.267{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000094040Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:02.267{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000094039Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:02.267{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000094038Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:02.267{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000094037Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:02.267{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000094036Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:02.267{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000094035Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:02.267{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000094034Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:02.267{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000094033Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:02.267{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000094032Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:02.267{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000093806Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:01.255{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000093805Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:01.255{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000093804Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:01.255{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000093803Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:01.255{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000093802Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:01.255{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000093801Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:01.255{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000093800Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:01.255{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000093799Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:01.255{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000093798Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:01.255{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000093797Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:01.255{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000093491Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:00.237{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000093489Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:00.237{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000093488Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:00.237{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000093487Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:00.237{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000093485Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:00.237{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000093484Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:00.237{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000093483Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:00.237{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000093482Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:00.237{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000093480Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:00.237{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000093479Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:04:00.237{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000093106Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:59.222{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000093105Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:59.222{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000093103Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:59.221{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000093102Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:59.220{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000093101Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:59.220{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000093099Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:59.220{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000093098Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:59.220{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000093097Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:59.219{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000093096Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:59.219{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000093095Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:59.218{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000092632Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:58.210{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000092630Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:58.209{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000092628Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:58.208{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000092627Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:58.208{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000092625Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:58.208{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000092623Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:58.207{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000092622Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:58.207{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000092621Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:58.207{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000092620Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:58.206{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000092619Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:58.206{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000092157Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:57.197{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000092156Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:57.197{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000092155Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:57.196{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000092154Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:57.196{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000092153Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:57.195{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000092152Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:57.195{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000092151Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:57.195{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000092150Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:57.194{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000092149Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:57.194{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000092147Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:57.194{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000091875Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:56.182{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000091874Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:56.182{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000091873Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:56.173{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000091872Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:56.173{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000091871Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:56.172{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000091870Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:56.172{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000091869Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:56.172{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000091868Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:56.171{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000091867Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:56.171{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000091866Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:56.168{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000091472Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:55.128{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000091471Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:55.128{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000091469Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:55.127{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000091468Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:55.126{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000091467Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:55.126{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000091466Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:55.126{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000091465Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:55.126{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000091463Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:55.125{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000091461Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:55.125{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000091460Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:55.124{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000090814Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:54.105{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000090813Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:54.105{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000090803Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:54.105{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000090802Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:54.105{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000090800Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:54.089{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000090798Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:54.089{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000090796Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:54.089{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000090795Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:54.089{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000090794Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:54.089{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000090793Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:54.089{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000090437Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:53.079{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000090436Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:53.079{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000090435Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:53.079{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000090434Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:53.079{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000090433Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:53.079{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000090432Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:53.079{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000090431Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:53.064{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000090430Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:53.064{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000090429Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:53.064{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000090428Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:53.064{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000090210Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:52.039{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000090209Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:52.039{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000090208Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:52.039{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000090207Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:52.039{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000090206Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:52.039{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000090205Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:52.039{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000090204Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:52.039{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000090203Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:52.039{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000090202Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:52.039{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000090201Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:52.039{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000089816Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:51.034{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000089815Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:51.034{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000089814Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:51.032{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000089812Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:51.032{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000089811Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:51.032{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000089810Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:51.031{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000089809Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:51.031{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000089808Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:51.031{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000089806Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:51.030{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000089805Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:51.030{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000089276Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:50.008{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000089275Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:50.008{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000089274Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:50.008{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000089273Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:50.008{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000089272Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:50.008{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000089271Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:50.008{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000089270Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:50.008{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000089269Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:50.008{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000089268Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:50.008{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000089267Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:50.008{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000088995Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:49.003{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000088994Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:49.003{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000088992Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:49.002{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000088991Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:49.001{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000088990Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:49.001{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000088989Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:49.001{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000088988Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:49.000{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000088986Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:49.000{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000088985Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:49.000{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000088984Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:48.999{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000088326Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:47.989{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000088325Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:47.989{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000088323Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:47.989{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000088322Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:47.989{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000088321Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:47.989{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000088320Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:47.974{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000088319Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:47.974{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000088318Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:47.974{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000088317Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:47.974{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000088316Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:47.974{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000087939Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:46.956{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000087938Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:46.956{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000087934Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:46.956{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000087933Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:46.956{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000087932Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:46.956{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000087931Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:46.956{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000087930Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:46.956{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000087928Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:46.956{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000087927Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:46.956{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000087926Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:46.956{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000087781Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:45.938{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000087780Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:45.938{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000087779Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:45.938{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000087778Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:45.938{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000087777Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:45.938{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000087776Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:45.938{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000087775Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:45.938{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000087774Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:45.938{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000087773Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:45.938{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000087772Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:45.938{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000087538Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:44.919{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000087537Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:44.919{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000087536Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:44.919{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000087535Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:44.919{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000087534Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:44.919{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000087533Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:44.919{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000087532Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:44.919{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000087531Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:44.919{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000087530Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:44.919{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000087528Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:44.919{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000087200Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:43.902{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000087199Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:43.902{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000087198Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:43.902{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000087197Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:43.902{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000087196Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:43.902{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000087195Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:43.902{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000087194Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:43.902{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000087193Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:43.902{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000087192Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:43.902{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000087191Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:43.902{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000086518Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:42.895{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000086517Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:42.894{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000086514Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:42.887{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000086513Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:42.887{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000086512Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:42.886{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000086511Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:42.885{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000086510Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:42.885{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000086509Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:42.882{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000086508Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:42.882{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000086507Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:42.878{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000085795Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:41.847{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000085794Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:41.847{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000085793Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:41.847{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000085792Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:41.847{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000085790Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:41.847{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000085789Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:41.847{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000085788Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:41.847{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000085786Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:41.847{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000085785Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:41.847{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000085784Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:41.847{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000085509Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:40.827{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000085508Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:40.827{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000085505Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:40.827{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000085504Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:40.827{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000085503Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:40.827{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000085502Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:40.827{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000085501Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:40.827{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000085500Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:40.827{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000085499Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:40.827{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000085498Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:40.827{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000085177Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:39.802{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000085176Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:39.802{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000085175Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:39.802{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000085174Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:39.802{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000085173Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:39.802{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000085172Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:39.802{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000085171Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:39.802{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000085170Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:39.802{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000085169Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:39.802{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000085168Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:39.802{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000084825Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:38.788{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000084824Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:38.788{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000084823Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:38.788{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000084822Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:38.788{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000084821Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:38.788{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000084820Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:38.788{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000084819Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:38.788{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000084818Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:38.788{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000084817Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:38.788{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000084816Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:38.788{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000084449Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:37.784{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000084448Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:37.784{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000084443Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:37.782{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000084442Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:37.782{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000084440Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:37.773{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000084438Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:37.773{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000084437Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:37.773{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000084436Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:37.773{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000084435Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:37.773{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000084434Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:37.773{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000083932Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:36.746{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000083931Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:36.746{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000083930Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:36.746{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000083929Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:36.746{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000083928Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:36.746{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000083927Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:36.746{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000083926Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:36.746{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000083925Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:36.746{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000083924Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:36.746{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000083923Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:36.746{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000083523Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:35.718{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000083522Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:35.718{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000083520Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:35.718{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000083519Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:35.718{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000083518Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:35.718{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000083516Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:35.718{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000083515Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:35.718{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000083514Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:35.718{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000083513Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:35.718{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000083512Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:35.718{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000083379Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:34.706{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000083378Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:34.706{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000083377Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:34.690{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000083376Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:34.690{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000083375Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:34.690{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000083374Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:34.690{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000083373Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:34.690{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000083372Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:34.690{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000083371Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:34.690{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000083370Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:34.674{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000083114Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:33.622{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000083113Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:33.622{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000083112Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:33.622{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000083111Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:33.622{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000083110Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:33.622{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000083109Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:33.622{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000083108Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:33.622{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000083107Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:33.622{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000083106Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:33.622{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000083105Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:33.622{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000082732Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:32.607{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000082731Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:32.607{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000082728Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:32.607{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000082727Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:32.607{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000082726Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:32.607{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000082725Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:32.607{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000082724Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:32.607{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000082723Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:32.607{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000082722Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:32.607{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000082721Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:32.607{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000082652Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:31.587{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000082651Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:31.587{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000082650Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:31.587{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000082649Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:31.587{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000082648Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:31.587{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000082647Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:31.587{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000082646Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:31.587{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000082645Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:31.587{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000082644Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:31.587{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000082643Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:31.587{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000082427Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:30.571{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000082426Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:30.571{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000082425Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:30.571{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000082424Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:30.571{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000082423Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:30.571{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000082422Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:30.571{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000082421Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:30.571{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000082420Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:30.571{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000082419Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:30.571{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000082418Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:30.571{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000082230Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:29.560{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000082229Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:29.560{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000082228Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:29.544{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000082227Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:29.544{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000082226Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:29.544{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000082225Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:29.544{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000082224Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:29.544{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000082223Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:29.544{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000082222Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:29.544{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000082221Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:29.544{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000081907Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:28.526{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000081906Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:28.526{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000081905Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:28.526{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000081904Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:28.526{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000081903Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:28.526{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000081902Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:28.526{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000081901Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:28.526{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000081900Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:28.526{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000081899Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:28.526{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000081898Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:28.526{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000081838Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:27.506{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000081837Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:27.506{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000081836Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:27.506{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000081835Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:27.506{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000081834Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:27.506{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000081833Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:27.506{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000081832Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:27.506{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000081831Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:27.506{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000081830Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:27.506{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000081829Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:27.506{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000081755Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:26.489{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000081754Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:26.489{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000081753Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:26.489{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000081752Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:26.489{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000081751Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:26.489{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000081750Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:26.489{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000081749Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:26.489{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000081748Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:26.489{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000081747Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:26.489{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000081746Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:26.489{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000081543Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:25.467{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000081542Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:25.467{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000081541Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:25.467{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000081540Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:25.467{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000081539Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:25.467{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000081538Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:25.467{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000081537Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:25.467{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000081536Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:25.467{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000081535Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:25.467{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000081534Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:25.467{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000081204Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:24.439{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000081203Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:24.439{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000081202Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:24.439{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000081201Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:24.439{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000081200Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:24.439{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000081199Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:24.439{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000081198Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:24.439{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000081197Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:24.439{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000081196Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:24.439{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000081195Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:24.439{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000080811Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:23.423{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000080810Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:23.423{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000080809Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:23.423{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000080808Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:23.423{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000080807Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:23.423{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000080806Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:23.423{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000080805Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:23.423{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000080804Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:23.423{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000080803Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:23.423{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000080802Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:23.423{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000080509Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:22.400{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000080508Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:22.400{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000080506Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:22.400{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000080505Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:22.400{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000080504Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:22.400{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000080503Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:22.400{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000080501Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:22.400{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000080500Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:22.400{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000080499Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:22.400{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000080498Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:22.400{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000080128Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:21.387{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000080127Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:21.387{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000080123Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:21.371{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000080122Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:21.371{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000080121Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:21.371{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000080120Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:21.371{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000080119Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:21.371{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000080118Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:21.371{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000080117Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:21.371{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000080115Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:21.371{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000079955Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:20.336{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000079954Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:20.336{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000079950Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:20.336{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000079949Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:20.336{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000079948Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:20.336{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000079947Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:20.336{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000079946Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:20.336{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000079944Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:20.336{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000079943Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:20.336{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000079942Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:20.336{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000079622Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:19.326{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000079621Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:19.325{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000079620Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:19.323{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000079619Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:19.323{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000079618Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:19.323{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000079617Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:19.323{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000079616Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:19.322{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000079615Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:19.322{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000079614Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:19.322{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000079613Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:19.321{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000079022Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:18.314{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000079021Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:18.313{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000079017Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:18.311{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000079015Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:18.310{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000079014Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:18.310{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000079011Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:18.309{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000079010Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:18.304{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000079009Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:18.303{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000079008Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:18.295{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000079005Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:18.295{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000078742Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:17.292{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000078741Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:17.291{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000078740Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:17.290{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000078739Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:17.290{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000078738Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:17.290{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000078737Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:17.289{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000078736Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:17.289{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000078735Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:17.289{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000078734Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:17.289{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000078733Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:17.288{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000078619Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:16.271{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000078618Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:16.271{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000078617Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:16.271{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000078616Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:16.271{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000078615Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:16.271{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000078614Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:16.271{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000078613Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:16.271{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000078612Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:16.271{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000078611Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:16.271{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000078609Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:16.271{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000078391Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:15.259{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000078390Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:15.259{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000078389Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:15.259{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000078388Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:15.259{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000078387Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:15.259{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000078386Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:15.259{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000078385Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:15.259{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000078384Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:15.259{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000078383Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:15.259{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000078382Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:15.259{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000078067Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:14.248{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000078066Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:14.248{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000078065Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:14.247{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000078064Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:14.247{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000078063Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:14.247{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000078062Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:14.246{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000078061Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:14.246{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000078060Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:14.246{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000078059Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:14.245{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000078058Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:14.245{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077887Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:13.220{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077886Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:13.220{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077885Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:13.220{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077884Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:13.220{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077883Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:13.220{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077882Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:13.220{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077881Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:13.220{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077880Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:13.220{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077879Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:13.220{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077878Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:13.220{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077756Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:12.210{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077755Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:12.210{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077754Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:12.210{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077753Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:12.210{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077752Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:12.210{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077751Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:12.210{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077750Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:12.210{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077749Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:12.210{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077748Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:12.210{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077747Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:12.210{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077682Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:11.194{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077681Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:11.194{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077680Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:11.194{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077679Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:11.194{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077678Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:11.194{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077677Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:11.194{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077676Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:11.194{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077675Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:11.194{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077674Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:11.194{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077673Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:11.194{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077562Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:10.188{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077561Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:10.188{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077560Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:10.173{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077559Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:10.173{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077558Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:10.173{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077557Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:10.173{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077556Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:10.173{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077555Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:10.173{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077554Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:10.173{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077553Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:10.173{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077492Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:09.141{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077491Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:09.141{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077490Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:09.141{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077489Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:09.141{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077488Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:09.141{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077487Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:09.125{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077486Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:09.125{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077485Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:09.125{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077484Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:09.125{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077483Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:09.125{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077422Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:08.101{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077421Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:08.101{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077420Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:08.101{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077419Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:08.101{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077418Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:08.101{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077417Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:08.101{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077416Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:08.101{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077415Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:08.101{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077414Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:08.101{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077413Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:08.101{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077353Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:07.080{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077352Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:07.080{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077351Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:07.080{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077350Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:07.080{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077349Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:07.080{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077348Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:07.080{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077347Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:07.080{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077346Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:07.080{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077345Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:07.080{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077344Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:07.080{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077284Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:06.055{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077283Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:06.055{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077282Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:06.055{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077281Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:06.055{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077280Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:06.055{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077279Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:06.055{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077278Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:06.055{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077277Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:06.055{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077276Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:06.055{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077275Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:06.055{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077215Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:05.038{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077214Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:05.038{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077213Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:05.038{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077212Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:05.038{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077211Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:05.038{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077210Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:05.038{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077209Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:05.038{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077208Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:05.038{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077207Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:05.038{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077206Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:05.038{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077125Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:04.023{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077124Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:04.023{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077123Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:04.023{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077122Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:04.023{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077121Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:04.023{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077120Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:04.023{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077119Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:04.023{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077118Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:04.023{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077117Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:04.023{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077116Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:04.023{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077035Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:03.003{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077034Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:03.003{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077033Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:03.003{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077032Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:03.003{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077031Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:03.003{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077030Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:03.003{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077029Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:03.003{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077028Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:03.003{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077027Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:03.003{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077026Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:03.003{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000076627Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:01.990{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000076626Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:01.990{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000076625Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:01.985{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000076624Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:01.985{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000076623Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:01.985{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000076622Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:01.970{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000076621Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:01.970{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000076620Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:01.970{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000076619Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:01.970{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000076618Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:01.970{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000074243Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:00.949{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000074242Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:00.949{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000074241Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:00.949{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000074240Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:00.949{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000074239Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:00.949{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000074238Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:00.949{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000074237Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:00.949{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000074236Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:00.949{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000074235Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:00.949{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000074234Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:03:00.949{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073788Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:59.925{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073787Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:59.925{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073786Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:59.925{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073785Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:59.925{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073784Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:59.925{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073783Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:59.925{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073782Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:59.925{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073781Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:59.925{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073780Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:59.925{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073779Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:59.925{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073490Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:58.913{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073489Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:58.912{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073488Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:58.910{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073487Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:58.910{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073486Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:58.910{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073485Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:58.909{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073484Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:58.909{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073483Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:58.909{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073482Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:58.908{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073481Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:58.908{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073299Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:57.899{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073298Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:57.899{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073297Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:57.897{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073296Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:57.897{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073295Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:57.897{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073294Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:57.896{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073293Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:57.896{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073292Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:57.896{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073291Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:57.896{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073290Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:57.895{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000072818Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:56.878{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000072817Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:56.878{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000072816Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:56.863{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000072815Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:56.863{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000072814Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:56.863{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000072812Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:56.863{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000072811Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:56.863{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000072810Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:56.863{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000072809Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:56.863{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000072807Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:56.863{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000072666Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:55.840{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000072665Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:55.839{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000072664Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:55.838{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000072663Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:55.837{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000072662Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:55.837{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000072661Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:55.837{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000072660Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:55.837{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000072659Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:55.836{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000072658Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:55.836{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000072657Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:55.835{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000072448Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:54.817{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000072447Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:54.817{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000072446Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:54.817{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000072445Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:54.817{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000072444Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:54.817{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000072443Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:54.817{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000072442Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:54.817{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000072441Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:54.817{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000072440Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:54.817{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000072439Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:54.817{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000072338Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:53.791{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000072337Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:53.791{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000072335Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:53.791{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000072334Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:53.791{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000072333Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:53.791{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000072332Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:53.791{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000072331Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:53.791{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000072330Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:53.791{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000072329Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:53.791{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000072328Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:53.791{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000072161Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:52.773{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000072160Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:52.773{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000072159Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:52.773{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000072158Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:52.773{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000072157Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:52.773{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000072156Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:52.773{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000072155Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:52.773{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000072154Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:52.773{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000072153Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:52.773{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000072152Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:52.773{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000072087Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:51.731{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000072086Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:51.731{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000072085Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:51.731{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000072084Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:51.731{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000072083Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:51.731{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000072082Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:51.731{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000072081Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:51.731{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000072080Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:51.731{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000072079Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:51.731{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000072078Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:51.731{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000072013Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:50.710{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000072012Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:50.710{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000072011Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:50.695{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000072010Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:50.695{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000072009Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:50.695{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000072008Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:50.695{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000072007Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:50.695{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000072006Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:50.695{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000072005Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:50.695{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000072004Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:50.695{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000071810Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:49.662{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000071809Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:49.662{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000071808Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:49.662{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000071807Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:49.662{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000071806Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:49.662{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000071805Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:49.662{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000071804Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:49.662{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000071803Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:49.662{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000071802Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:49.662{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000071801Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:49.662{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000071736Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:48.658{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000071735Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:48.658{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000071734Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:48.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000071733Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:48.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000071732Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:48.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000071731Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:48.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000071730Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:48.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000071729Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:48.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000071728Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:48.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000071727Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:48.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000071590Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:47.619{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000071589Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:47.619{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000071588Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:47.619{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000071587Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:47.619{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000071586Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:47.619{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000071585Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:47.619{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000071584Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:47.619{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000071583Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:47.619{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000071582Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:47.604{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000071581Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:47.604{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000071206Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:46.582{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000071205Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:46.582{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000071203Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:46.582{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000071202Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:46.582{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000071201Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:46.582{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000071200Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:46.582{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000071199Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:46.582{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000071198Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:46.582{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000071197Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:46.582{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000071196Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:46.582{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000071072Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:45.569{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000071071Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:45.569{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000071050Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:45.569{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000071045Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:45.569{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000071040Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:45.569{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000071031Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:45.569{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000071018Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:45.569{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000071008Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:45.569{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000071002Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:45.569{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000071001Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:45.569{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000070931Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:44.528{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000070930Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:44.528{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000070929Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:44.528{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000070928Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:44.528{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000070927Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:44.528{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000070926Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:44.528{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000070925Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:44.528{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000070924Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:44.528{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000070923Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:44.528{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000070922Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:44.528{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000070789Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:43.512{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000070788Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:43.512{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000070787Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:43.512{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000070786Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:43.512{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000070785Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:43.512{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000070784Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:43.512{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000070783Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:43.512{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000070782Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:43.512{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000070781Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:43.512{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000070780Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:43.512{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000070661Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:42.508{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000070660Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:42.508{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000070659Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:42.506{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000070658Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:42.505{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000070657Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:42.505{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000070656Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:42.505{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000070655Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:42.505{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000070654Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:42.504{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000070653Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:42.504{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000070652Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:42.503{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000070275Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:41.478{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000070274Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:41.478{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000070273Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:41.478{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000070272Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:41.478{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000070271Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:41.478{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000070270Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:41.478{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000070269Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:41.478{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000070268Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:41.478{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000070267Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:41.478{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000070266Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:41.478{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000070183Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:40.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000070182Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:40.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000070181Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:40.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000070180Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:40.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000070179Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:40.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000070178Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:40.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000070177Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:40.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000070176Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:40.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000070175Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:40.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000070174Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:40.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000069991Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:39.426{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000069990Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:39.426{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000069989Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:39.424{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000069988Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:39.424{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000069987Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:39.424{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000069986Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:39.424{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000069985Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:39.423{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000069984Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:39.423{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000069983Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:39.423{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000069982Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:39.422{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000069569Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:38.415{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000069568Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:38.415{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000069567Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:38.412{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000069566Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:38.412{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000069565Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:38.412{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000069564Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:38.409{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000069563Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:38.409{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000069562Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:38.408{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000069561Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:38.408{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000069560Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:38.407{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000069244Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:37.377{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000069243Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:37.377{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000069242Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:37.377{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000069241Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:37.377{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000069240Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:37.377{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000069239Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:37.377{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000069238Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:37.377{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000069237Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:37.377{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000069236Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:37.377{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000069235Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:37.377{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000069107Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:36.366{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000069106Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:36.366{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000069105Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:36.364{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000069104Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:36.364{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000069103Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:36.364{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000069102Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:36.363{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000069101Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:36.363{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000069100Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:36.363{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000069099Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:36.362{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000069098Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:36.362{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000068851Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:35.349{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000068850Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:35.349{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000068849Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:35.349{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000068848Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:35.349{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000068847Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:35.349{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000068846Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:35.334{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000068845Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:35.334{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000068844Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:35.334{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000068843Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:35.334{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000068842Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:35.334{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000068666Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:34.316{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000068665Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:34.316{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000068664Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:34.316{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000068663Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:34.316{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000068662Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:34.316{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000068661Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:34.316{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000068660Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:34.316{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000068659Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:34.316{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000068658Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:34.316{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000068657Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:34.316{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000068591Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:33.294{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000068590Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:33.294{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000068589Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:33.294{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000068588Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:33.294{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000068587Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:33.294{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000068586Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:33.294{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000068585Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:33.294{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000068584Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:33.294{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000068583Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:33.294{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000068582Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:33.294{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000068493Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:32.287{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000068492Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:32.287{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000068491Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:32.283{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000068490Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:32.283{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000068489Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:32.283{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000068488Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:32.282{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000068487Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:32.281{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000068486Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:32.281{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000068485Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:32.281{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000068484Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:32.280{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000068115Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:31.259{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000068114Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:31.259{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000068113Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:31.259{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000068112Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:31.259{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000068111Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:31.259{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000068110Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:31.259{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000068109Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:31.259{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000068108Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:31.259{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000068107Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:31.259{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000068106Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:31.259{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000068038Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:30.241{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000068037Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:30.241{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000068036Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:30.241{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000068035Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:30.241{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000068034Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:30.241{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000068033Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:30.241{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000068032Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:30.241{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000068031Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:30.241{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000068030Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:30.241{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000068029Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:30.241{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067963Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:29.204{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067962Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:29.204{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067961Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:29.204{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067960Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:29.204{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067959Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:29.204{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067958Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:29.204{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067957Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:29.204{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067956Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:29.204{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067955Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:29.204{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067954Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:29.204{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067891Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:28.183{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067890Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:28.183{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067889Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:28.168{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067888Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:28.168{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067887Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:28.168{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067886Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:28.168{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067885Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:28.168{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067884Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:28.168{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067883Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:28.168{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067882Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:28.168{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067819Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:27.140{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067818Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:27.140{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067817Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:27.140{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067816Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:27.140{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067815Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:27.140{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067814Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:27.140{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067813Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:27.140{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067812Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:27.140{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067811Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:27.140{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067810Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:27.140{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067747Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:26.116{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067746Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:26.116{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067745Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:26.116{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067744Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:26.116{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067743Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:26.116{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067742Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:26.116{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067741Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:26.116{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067740Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:26.116{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067739Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:26.116{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067738Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:26.116{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067674Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:25.082{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067673Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:25.082{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067672Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:25.082{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067671Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:25.082{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067670Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:25.068{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067669Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:25.068{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067668Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:25.068{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067667Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:25.068{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067666Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:25.068{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067665Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:25.068{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067601Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:24.049{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067600Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:24.049{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067599Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:24.049{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067598Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:24.049{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067597Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:24.049{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067596Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:24.049{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067595Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:24.049{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067594Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:24.049{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067593Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:24.049{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067592Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:24.049{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067523Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:23.038{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067522Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:23.038{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067521Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:23.038{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067520Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:23.038{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067519Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:23.023{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067518Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:23.023{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067517Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:23.023{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067516Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:23.023{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067515Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:23.023{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067514Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:23.023{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067313Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:22.007{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067312Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:22.007{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067311Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:22.007{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067310Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:22.007{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067309Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:22.007{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067308Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:22.007{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067307Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:22.007{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067306Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:22.007{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067305Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:22.007{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067304Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:22.007{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067224Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:20.995{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067223Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:20.995{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067222Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:20.995{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067221Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:20.995{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067220Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:20.980{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067219Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:20.980{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067218Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:20.980{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067217Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:20.980{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067216Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:20.980{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067215Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:20.980{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067055Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:19.955{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067054Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:19.955{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067053Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:19.955{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067052Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:19.955{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067051Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:19.955{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067050Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:19.955{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067049Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:19.955{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067048Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:19.955{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067047Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:19.955{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000067046Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:19.955{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000066738Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:18.954{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000066737Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:18.954{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000066736Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:18.952{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000066735Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:18.952{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000066734Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:18.952{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000066733Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:18.951{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000066732Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:18.951{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000066731Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:18.951{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000066730Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:18.950{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000066729Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:18.950{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000066468Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:17.941{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000066467Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:17.941{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000066466Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:17.925{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000066465Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:17.925{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000066464Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:17.925{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000066463Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:17.925{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000066462Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:17.925{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000066461Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:17.925{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000066460Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:17.925{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000066459Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:17.925{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000066270Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:16.907{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000066269Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:16.907{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000066268Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:16.892{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000066267Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:16.892{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000066266Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:16.892{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000066265Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:16.892{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000066264Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:16.892{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000066263Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:16.892{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000066262Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:16.892{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000066261Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:16.892{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000065921Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:15.883{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000065920Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:15.883{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000065919Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:15.880{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000065918Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:15.880{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000065917Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:15.880{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000065916Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:15.879{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000065915Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:15.879{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000065914Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:15.878{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000065913Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:15.876{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000065912Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:15.874{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000065786Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:14.849{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000065785Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:14.849{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000065784Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:14.849{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000065783Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:14.849{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000065782Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:14.849{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000065781Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:14.849{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000065780Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:14.849{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000065779Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:14.849{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000065778Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:14.849{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000065777Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:14.849{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000065507Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:13.824{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000065506Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:13.824{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000065505Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:13.824{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000065504Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:13.824{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000065503Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:13.824{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000065502Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:13.824{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000065501Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:13.824{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000065500Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:13.824{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000065499Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:13.824{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000065498Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:13.824{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000065252Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:12.815{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000065251Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:12.815{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000065247Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:12.815{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000065246Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:12.815{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000065245Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:12.815{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000065243Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:12.815{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000065242Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:12.815{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000065241Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:12.800{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000065240Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:12.800{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000065239Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:12.800{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000064946Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:11.788{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000064945Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:11.788{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000064944Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:11.788{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000064943Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:11.788{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000064942Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:11.788{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000064941Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:11.788{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000064940Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:11.788{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000064939Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:11.788{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000064938Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:11.788{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000064937Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:11.788{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000064520Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:10.775{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000064519Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:10.775{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000064518Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:10.775{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000064517Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:10.775{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000064516Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:10.775{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000064515Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:10.775{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000064514Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:10.775{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000064513Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:10.775{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000064512Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:10.775{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000064511Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:10.767{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000064326Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:09.745{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000064325Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:09.745{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000064324Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:09.745{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000064323Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:09.745{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000064322Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:09.745{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000064321Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:09.745{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000064320Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:09.745{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000064319Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:09.745{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000064318Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:09.745{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000064317Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:09.745{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000063979Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:08.730{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000063978Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:08.730{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000063977Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:08.730{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000063976Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:08.730{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000063975Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:08.730{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000063974Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:08.730{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000063973Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:08.730{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000063972Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:08.730{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000063971Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:08.730{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000063970Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:08.715{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000063689Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:07.701{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000063688Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:07.701{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000063687Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:07.701{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000063686Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:07.701{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000063685Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:07.701{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000063684Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:07.701{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000063683Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:07.701{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000063682Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:07.701{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000063681Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:07.701{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000063680Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:07.701{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000063371Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:06.680{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000063370Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:06.680{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000063369Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:06.678{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000063368Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:06.678{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000063367Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:06.677{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000063366Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:06.677{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000063365Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:06.676{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000063364Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:06.676{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000063363Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:06.675{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000063362Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:06.675{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000063137Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:05.651{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000063136Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:05.651{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000063135Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:05.651{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000063134Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:05.651{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000063133Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:05.651{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000063132Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:05.651{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000063131Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:05.651{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000063130Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:05.651{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000063129Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:05.651{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000063128Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:05.651{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000062916Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:04.631{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000062915Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:04.631{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000062914Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:04.631{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000062913Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:04.631{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000062912Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:04.631{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000062911Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:04.631{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000062910Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:04.631{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000062909Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:04.631{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000062908Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:04.631{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000062907Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:04.631{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000062801Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:03.611{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000062800Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:03.611{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000062799Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:03.611{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000062798Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:03.611{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000062797Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:03.611{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000062796Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:03.611{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000062795Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:03.611{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000062794Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:03.611{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000062793Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:03.611{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000062792Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:03.611{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000062613Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:02.580{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000062612Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:02.580{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000062611Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:02.579{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000062610Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:02.579{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000062609Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:02.578{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000062608Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:02.577{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000062607Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:02.577{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000062606Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:02.576{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000062605Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:02.574{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000062604Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:02.571{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000062424Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:01.542{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000062423Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:01.542{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000062422Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:01.539{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000062421Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:01.539{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000062420Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:01.538{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000062419Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:01.538{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000062418Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:01.538{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000062417Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:01.537{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000062416Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:01.537{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000062415Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:01.537{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000062118Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:00.527{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000062117Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:00.526{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000062114Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:00.519{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000062113Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:00.519{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000062112Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:00.518{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000062111Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:00.517{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000062110Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:00.515{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000062109Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:00.515{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000062108Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:00.514{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000062107Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:02:00.513{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061830Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:59.490{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061829Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:59.490{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061828Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:59.490{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061827Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:59.490{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061826Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:59.490{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061824Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:59.490{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061822Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:59.490{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061819Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:59.490{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061816Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:59.490{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061814Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:59.490{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061716Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:58.476{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061715Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:58.476{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061714Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:58.469{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061713Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:58.454{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061712Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:58.454{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061711Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:58.454{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061710Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:58.454{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061709Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:58.454{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061708Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:58.454{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061707Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:58.454{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061643Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:57.429{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061642Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:57.429{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061641Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:57.428{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061640Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:57.428{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061639Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:57.427{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061638Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:57.427{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061637Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:57.427{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061636Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:57.427{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061635Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:57.426{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061634Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:57.426{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061563Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:56.413{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061562Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:56.413{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061561Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:56.409{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061560Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:56.409{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061559Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:56.409{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061558Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:56.408{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061557Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:56.408{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061556Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:56.404{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061555Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:56.404{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061554Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:56.401{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061473Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:55.373{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061472Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:55.373{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061471Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:55.358{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061470Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:55.358{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061469Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:55.358{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061468Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:55.358{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061467Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:55.358{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061466Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:55.358{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061465Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:55.358{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061464Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:55.358{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061401Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:54.342{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061400Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:54.342{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061399Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:54.342{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061398Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:54.342{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061397Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:54.342{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061396Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:54.342{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061395Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:54.342{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061394Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:54.326{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061393Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:54.326{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061392Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:54.326{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061316Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:53.301{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061315Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:53.301{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061314Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:53.301{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061313Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:53.301{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061312Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:53.301{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061311Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:53.301{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061310Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:53.301{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061309Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:53.301{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061308Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:53.285{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061307Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:53.285{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061066Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:52.262{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061065Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:52.262{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061064Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:52.262{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061063Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:52.262{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061062Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:52.262{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061061Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:52.262{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061060Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:52.262{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061059Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:52.262{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061058Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:52.262{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000061057Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:52.262{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000060968Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:51.250{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000060967Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:51.250{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000060965Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:51.250{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000060963Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:51.250{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000060962Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:51.250{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000060961Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:51.250{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000060960Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:51.250{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000060959Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:51.250{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000060958Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:51.250{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000060957Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:51.250{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000060818Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:50.205{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000060817Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:50.205{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000060816Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:50.205{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000060815Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:50.205{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000060814Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:50.205{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000060813Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:50.205{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000060812Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:50.205{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000060811Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:50.205{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000060810Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:50.205{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000060809Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:50.205{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000060737Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:49.190{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000060736Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:49.190{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000060735Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:49.190{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000060734Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:49.190{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000060733Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:49.190{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000060732Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:49.190{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000060731Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:49.190{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000060730Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:49.182{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000060729Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:49.182{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000060728Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:49.182{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000060542Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:48.168{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000060541Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:48.168{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000060538Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:48.163{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000060536Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:48.162{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000060535Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:48.161{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000060534Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:48.161{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000060532Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:48.158{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000060530Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:48.141{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000060526Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:48.141{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000060523Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:48.141{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000060369Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:47.128{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000060368Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:47.128{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000060367Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:47.128{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000060366Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:47.128{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000060365Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:47.128{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000060364Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:47.128{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000060363Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:47.128{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000060362Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:47.128{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000060361Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:47.128{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000060360Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:47.128{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000060200Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:46.114{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000060199Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:46.114{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000060198Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:46.114{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000060197Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:46.114{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000060196Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:46.114{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000060195Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:46.114{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000060194Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:46.114{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000060193Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:46.114{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000060192Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:46.114{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000060191Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:46.114{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000060058Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:45.096{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000060057Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:45.096{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000060056Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:45.096{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000060055Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:45.096{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000060054Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:45.096{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000060053Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:45.096{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000060052Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:45.096{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000060051Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:45.096{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000060050Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:45.096{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000060049Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:45.080{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059914Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:44.054{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059913Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:44.054{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059912Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:44.054{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059911Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:44.054{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059910Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:44.054{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059909Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:44.054{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059908Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:44.054{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059907Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:44.054{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059906Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:44.054{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059905Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:44.054{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059726Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:43.045{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059725Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:43.045{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059724Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:43.029{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059723Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:43.029{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059722Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:43.029{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059721Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:43.029{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059720Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:43.029{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059719Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:43.029{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059718Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:43.029{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059717Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:43.029{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059642Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:42.003{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059641Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:42.003{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059640Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:41.988{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059639Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:41.988{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059638Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:41.988{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059637Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:41.988{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059636Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:41.988{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059635Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:41.988{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059634Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:41.988{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059633Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:41.988{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059459Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:40.945{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059458Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:40.945{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059457Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:40.945{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059456Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:40.930{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059455Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:40.930{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059454Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:40.930{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059453Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:40.930{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059452Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:40.930{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059451Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:40.930{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059450Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:40.930{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059310Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:39.867{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059309Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:39.867{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059308Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:39.867{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059307Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:39.867{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059306Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:39.867{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059305Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:39.867{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059304Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:39.867{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059303Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:39.867{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059302Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:39.867{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059301Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:39.867{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059171Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:38.857{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059170Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:38.857{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059169Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:38.857{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059168Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:38.857{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059167Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:38.857{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059166Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:38.857{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059165Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:38.857{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059164Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:38.857{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059163Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:38.857{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059162Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:38.857{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059090Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:37.824{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059089Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:37.824{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059088Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:37.824{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059087Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:37.824{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059086Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:37.824{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059085Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:37.824{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059084Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:37.824{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059083Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:37.824{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059082Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:37.824{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059081Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:37.824{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059017Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:36.805{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059016Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:36.805{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059015Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:36.805{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059014Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:36.805{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059013Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:36.805{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059012Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:36.805{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059011Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:36.805{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059010Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:36.805{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059009Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:36.805{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000059008Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:36.805{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058922Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:35.796{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058921Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:35.796{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058920Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:35.794{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058919Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:35.794{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058918Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:35.794{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058917Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:35.794{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058916Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:35.794{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058914Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:35.794{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058913Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:35.792{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058912Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:35.792{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058847Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:34.774{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058846Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:34.774{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058845Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:34.774{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058844Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:34.774{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058843Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:34.774{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058842Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:34.774{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058841Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:34.774{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058840Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:34.774{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058839Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:34.774{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058838Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:34.774{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058775Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:33.753{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058774Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:33.753{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058773Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:33.753{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058772Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:33.753{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058771Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:33.753{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058770Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:33.753{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058769Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:33.753{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058768Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:33.753{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058767Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:33.753{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058766Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:33.753{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058702Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:32.731{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058701Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:32.731{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058700Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:32.731{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058699Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:32.731{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058698Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:32.731{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058697Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:32.731{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058696Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:32.731{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058695Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:32.731{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058694Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:32.731{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058693Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:32.731{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058628Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:31.712{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058627Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:31.712{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058626Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:31.712{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058625Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:31.712{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058624Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:31.712{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058623Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:31.712{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058622Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:31.712{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058621Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:31.712{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058620Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:31.696{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058619Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:31.696{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058553Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:30.676{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058552Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:30.676{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058551Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:30.676{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058550Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:30.676{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058549Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:30.676{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058548Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:30.676{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058547Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:30.676{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058546Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:30.676{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058545Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:30.676{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058544Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:30.660{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058404Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:29.634{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058403Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:29.634{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058402Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:29.634{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058401Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:29.634{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058400Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:29.634{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058399Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:29.634{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058398Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:29.634{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058397Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:29.634{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058396Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:29.634{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058395Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:29.634{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058082Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:28.627{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058081Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:28.627{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058080Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:28.627{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058079Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:28.627{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058078Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:28.611{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058077Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:28.611{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058076Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:28.611{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058075Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:28.611{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058074Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:28.611{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058073Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:28.611{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000057868Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:27.586{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000057867Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:27.586{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000057865Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:27.586{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000057864Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:27.586{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000057863Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:27.586{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000057862Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:27.586{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000057861Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:27.586{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000057860Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:27.586{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000057859Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:27.586{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000057858Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:27.586{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000057578Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:26.575{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000057577Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:26.575{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000057576Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:26.559{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000057575Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:26.559{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000057574Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:26.559{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000057573Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:26.559{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000057572Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:26.559{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000057571Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:26.559{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000057570Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:26.559{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000057568Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:26.559{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000057497Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:25.491{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000057496Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:25.491{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000057495Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:25.491{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000057494Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:25.491{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000057493Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:25.491{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000057492Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:25.491{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000057491Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:25.491{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000057490Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:25.491{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000057489Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:25.491{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000057488Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:25.491{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000057424Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:24.485{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000057423Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:24.485{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000057422Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:24.485{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000057421Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:24.485{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000057420Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:24.485{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000057419Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:24.485{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000057418Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:24.485{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000057417Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:24.485{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000057416Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:24.469{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000057415Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:24.469{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000057350Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:23.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000057349Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:23.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000057348Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:23.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000057347Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:23.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000057346Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:23.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000057345Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:23.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000057344Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:23.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000057343Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:23.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000057342Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:23.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000057341Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:23.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000057195Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:22.425{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000057194Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:22.425{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000057193Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:22.425{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000057192Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:22.425{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000057191Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:22.425{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000057190Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:22.425{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000057189Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:22.425{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000057188Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:22.425{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000057187Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:22.425{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000057186Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:22.425{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000056950Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:21.402{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000056949Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:21.386{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000056948Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:21.386{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000056947Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:21.386{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000056946Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:21.386{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000056945Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:21.386{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000056944Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:21.386{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000056943Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:21.386{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000056942Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:21.386{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000056941Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:21.386{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000056877Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:20.364{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000056876Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:20.364{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000056873Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:20.364{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000056872Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:20.364{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000056871Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:20.364{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000056870Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:20.364{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000056869Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:20.364{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000056868Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:20.364{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000056867Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:20.348{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000056866Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:20.348{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000056683Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:19.339{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000056682Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:19.339{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000056681Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:19.339{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000056680Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:19.323{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000056679Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:19.323{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000056678Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:19.323{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000056677Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:19.323{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000056676Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:19.323{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000056675Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:19.323{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000056674Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:19.323{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000056522Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:18.314{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000056521Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:18.313{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000056520Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:18.302{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000056519Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:18.302{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000056518Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:18.302{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000056517Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:18.302{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000056516Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:18.302{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000056515Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:18.302{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000056514Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:18.302{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000056512Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:18.302{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000056440Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:17.290{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000056439Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:17.290{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000056438Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:17.288{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000056437Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:17.288{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000056436Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:17.288{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000056435Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:17.288{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000056434Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:17.287{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000056433Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:17.287{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000056432Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:17.287{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000056431Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:17.286{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000056314Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:16.279{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000056313Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:16.279{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000056311Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:16.276{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000056310Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:16.276{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000056309Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:16.276{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000056308Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:16.276{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000056307Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:16.276{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000056306Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:16.275{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000056305Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:16.275{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000056304Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:16.274{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000055979Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:15.256{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000055978Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:15.256{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000055977Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:15.256{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000055976Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:15.256{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000055975Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:15.256{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000055974Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:15.256{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000055973Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:15.256{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000055972Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:15.256{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000055971Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:15.256{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000055970Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:15.256{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000055699Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:14.227{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000055698Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:14.227{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000055697Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:14.227{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000055696Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:14.227{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000055695Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:14.227{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000055694Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:14.227{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000055693Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:14.227{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000055692Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:14.227{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000055691Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:14.227{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000055690Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:14.227{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000055513Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:13.203{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000055512Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:13.203{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000055511Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:13.201{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000055510Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:13.201{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000055509Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:13.201{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000055508Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:13.200{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000055507Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:13.200{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000055506Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:13.200{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000055505Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:13.200{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000055504Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:13.199{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000055382Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:12.181{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000055381Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:12.181{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000055380Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:12.181{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000055379Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:12.181{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000055378Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:12.181{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000055377Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:12.181{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000055376Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:12.181{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000055375Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:12.181{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000055374Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:12.181{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000055373Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:12.181{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000055137Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:11.176{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000055136Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:11.176{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000055135Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:11.165{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000055134Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:11.165{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000055133Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:11.162{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000055132Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:11.162{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000055131Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:11.162{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000055130Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:11.161{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000055129Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:11.161{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000055128Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:11.160{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000054882Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:10.123{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000054881Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:10.123{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000054880Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:10.123{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000054879Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:10.123{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000054878Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:10.123{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000054877Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:10.123{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000054876Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:10.123{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000054875Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:10.123{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000054874Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:10.123{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000054873Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:10.123{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000054551Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:09.108{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000054550Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:09.108{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000054549Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:09.108{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000054548Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:09.108{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000054547Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:09.108{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000054546Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:09.108{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000054545Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:09.108{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000054544Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:09.108{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000054543Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:09.108{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000054542Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:09.092{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000054235Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:08.071{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000054234Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:08.071{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000054232Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:08.071{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000054231Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:08.071{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000054230Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:08.071{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000054229Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:08.071{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000054228Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:08.071{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000054227Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:08.071{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000054226Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:08.071{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000054225Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:08.071{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000053746Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:07.040{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000053745Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:07.040{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000053740Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:07.040{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000053739Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:07.040{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000053738Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:07.040{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000053737Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:07.040{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000053736Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:07.040{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000053735Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:07.040{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000053734Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:07.040{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000053733Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:07.040{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000053503Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:06.013{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000053502Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:06.013{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000053501Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:06.013{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000053500Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:06.013{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000053499Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:06.013{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000053498Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:06.013{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000053497Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:06.013{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000053496Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:06.013{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000053495Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:06.013{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000053494Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:06.013{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000052883Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:04.998{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000052882Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:04.998{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000052881Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:04.998{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000052880Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:04.998{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000052879Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:04.998{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000052878Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:04.998{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000052877Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:04.998{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000052876Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:04.998{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000052875Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:04.998{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000052873Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:04.998{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000052427Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:03.959{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000052426Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:03.959{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000052425Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:03.959{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000052424Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:03.959{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000052423Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:03.959{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000052422Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:03.959{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000052421Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:03.959{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000052420Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:03.959{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000052419Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:03.959{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000052418Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:03.959{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000052113Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:02.951{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000052112Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:02.951{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000052111Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:02.935{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000052110Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:02.935{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000052109Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:02.935{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000052108Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:02.935{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000052107Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:02.935{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000052106Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:02.935{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000052105Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:02.935{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000052104Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:02.935{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000051947Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:01.918{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000051945Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:01.918{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000051941Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:01.918{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000051940Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:01.918{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000051938Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:01.918{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000051937Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:01.918{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000051936Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:01.918{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000051933Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:01.918{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000051932Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:01.918{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000051930Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:01.918{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000051401Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:00.903{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000051400Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:00.903{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000051398Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:00.888{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000051397Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:00.888{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000051396Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:00.888{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000051395Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:00.888{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000051394Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:00.888{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000051393Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:00.888{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000051392Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:00.888{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000051389Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:01:00.888{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000051147Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:59.859{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000051146Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:59.859{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000051145Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:59.859{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000051144Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:59.859{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000051143Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:59.859{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000051142Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:59.859{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000051141Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:59.859{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000051140Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:59.843{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000051139Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:59.843{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000051138Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:59.843{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000050796Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:58.834{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000050795Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:58.834{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000050794Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:58.831{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000050793Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:58.831{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000050791Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:58.830{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000050790Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:58.830{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000050788Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:58.830{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000050787Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:58.829{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000050786Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:58.829{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000050785Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:58.828{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000050148Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:57.808{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000050147Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:57.808{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000050146Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:57.808{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000050145Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:57.808{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000050144Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:57.808{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000050143Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:57.808{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000050142Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:57.808{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000050141Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:57.808{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000050140Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:57.808{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000050139Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:57.808{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000049977Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:56.788{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000049976Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:56.788{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000049975Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:56.788{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000049974Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:56.788{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000049973Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:56.788{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000049972Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:56.788{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000049971Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:56.788{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000049970Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:56.788{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000049969Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:56.788{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000049968Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:56.788{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000049826Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:55.774{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000049825Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:55.773{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000049824Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:55.771{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000049823Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:55.771{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000049822Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:55.771{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000049821Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:55.771{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000049820Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:55.770{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000049819Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:55.770{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000049818Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:55.770{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000049817Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:55.769{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000049594Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:54.752{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000049593Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:54.752{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000049591Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:54.752{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000049590Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:54.752{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000049589Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:54.752{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000049588Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:54.752{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000049587Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:54.752{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000049585Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:54.752{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000049584Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:54.752{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000049583Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:54.752{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000049350Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:53.726{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000049349Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:53.726{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000049348Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:53.726{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000049347Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:53.726{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000049346Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:53.726{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000049345Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:53.726{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000049344Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:53.726{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000049343Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:53.726{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000049342Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:53.726{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000049341Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:53.726{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000048657Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:52.701{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000048656Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:52.701{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000048655Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:52.701{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000048654Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:52.701{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000048653Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:52.701{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000048652Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:52.701{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000048651Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:52.701{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000048650Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:52.701{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000048649Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:52.701{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000048648Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:52.701{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000048086Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:51.684{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000048085Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:51.684{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000048084Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:51.684{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000048083Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:51.684{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000048082Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:51.684{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000048081Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:51.684{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000048080Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:51.684{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000048079Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:51.684{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000048078Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:51.684{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000048077Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:51.684{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000047884Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:50.676{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000047883Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:50.676{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000047882Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:50.674{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000047881Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:50.674{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000047880Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:50.674{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000047879Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:50.674{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000047878Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:50.673{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000047877Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:50.673{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000047876Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:50.673{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000047875Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:50.672{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000047439Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:49.650{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000047438Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:49.650{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000047437Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:49.650{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000047436Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:49.650{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000047435Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:49.650{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000047434Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:49.650{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000047433Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:49.650{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000047432Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:49.650{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000047431Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:49.650{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000047430Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:49.650{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000046944Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:48.637{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000046943Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:48.637{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000046941Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:48.622{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000046939Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:48.622{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000046938Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:48.622{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000046937Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:48.622{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000046936Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:48.622{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000046935Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:48.622{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000046933Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:48.622{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000046931Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:48.622{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000046676Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:47.607{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000046675Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:47.607{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000046674Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:47.607{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000046673Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:47.607{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000046672Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:47.607{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000046671Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:47.607{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000046670Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:47.607{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000046669Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:47.607{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000046668Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:47.607{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000046667Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:47.607{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000046492Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:46.590{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000046491Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:46.590{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000046490Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:46.590{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000046489Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:46.590{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000046488Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:46.590{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000046487Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:46.590{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000046486Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:46.590{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000046485Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:46.590{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000046484Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:46.590{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000046483Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:46.590{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000046217Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:45.571{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000046216Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:45.571{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000046215Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:45.571{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000046214Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:45.571{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000046213Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:45.571{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000046212Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:45.571{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000046211Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:45.571{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000046210Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:45.571{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000046209Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:45.571{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000046208Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:45.571{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000046039Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:44.557{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000046038Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:44.557{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000046037Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:44.555{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000046036Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:44.555{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000046035Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:44.555{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000046034Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:44.554{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000046033Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:44.554{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000046032Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:44.553{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000046031Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:44.553{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000046030Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:44.552{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000045699Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:43.530{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000045698Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:43.530{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000045697Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:43.530{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000045696Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:43.530{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000045695Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:43.530{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000045694Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:43.530{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000045693Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:43.530{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000045692Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:43.530{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000045691Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:43.530{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000045690Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:43.530{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000045530Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:42.519{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000045529Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:42.519{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000045528Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:42.519{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000045527Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:42.519{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000045526Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:42.519{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000045525Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:42.519{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000045524Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:42.519{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000045523Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:42.519{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000045522Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:42.519{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000045521Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:42.519{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000045455Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:41.505{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000045454Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:41.505{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000045452Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:41.505{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000045451Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:41.505{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000045450Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:41.505{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000045448Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:41.505{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000045446Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:41.505{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000045445Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:41.505{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000045443Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:41.505{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000045442Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:41.505{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000045264Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:40.501{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000045263Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:40.501{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000045262Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:40.499{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000045261Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:40.499{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000045260Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:40.499{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000045259Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:40.498{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000045258Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:40.498{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000045257Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:40.498{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000045256Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:40.497{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000045255Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:40.497{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000045091Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:39.476{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000045090Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:39.476{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000045089Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:39.476{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000045088Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:39.476{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000045087Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:39.476{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000045086Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:39.476{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000045085Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:39.476{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000045084Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:39.476{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000045083Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:39.476{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000045082Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:39.476{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000044803Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:38.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000044802Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:38.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000044801Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:38.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000044800Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:38.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000044799Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:38.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000044798Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:38.439{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000044797Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:38.439{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000044796Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:38.439{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000044795Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:38.439{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000044794Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:38.439{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000044716Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:37.426{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000044715Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:37.426{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000044714Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:37.426{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000044713Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:37.426{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000044712Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:37.426{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000044711Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:37.426{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000044710Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:37.426{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000044709Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:37.426{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000044708Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:37.426{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000044707Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:37.426{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000044643Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:36.399{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000044642Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:36.399{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000044641Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:36.399{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000044640Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:36.399{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000044639Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:36.399{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000044638Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:36.399{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000044637Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:36.399{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000044636Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:36.399{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000044635Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:36.399{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000044634Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:36.399{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000044537Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:35.378{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000044536Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:35.378{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000044535Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:35.378{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000044534Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:35.378{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000044533Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:35.378{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000044532Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:35.378{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000044531Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:35.378{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000044530Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:35.378{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000044529Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:35.378{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000044528Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:35.378{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000044408Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:34.346{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000044407Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:34.346{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000044406Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:34.346{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000044405Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:34.346{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000044404Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:34.346{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000044403Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:34.346{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000044402Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:34.346{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000044401Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:34.346{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000044400Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:34.346{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000044399Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:34.346{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000044097Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:33.325{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000044095Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:33.325{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000044087Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:33.325{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000044085Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:33.325{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000044084Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:33.325{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000044083Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:33.325{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000044081Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:33.325{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000044080Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:33.325{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000044078Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:33.325{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000044076Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:33.325{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000043654Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:32.321{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000043653Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:32.321{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000043651Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:32.305{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000043650Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:32.305{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000043649Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:32.305{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000043648Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:32.305{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000043647Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:32.305{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000043646Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:32.305{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000043645Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:32.305{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000043644Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:32.305{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000043460Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:31.278{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000043459Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:31.278{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000043458Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:31.278{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000043457Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:31.278{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000043456Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:31.278{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000043455Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:31.278{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000043454Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:31.278{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000043453Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:31.278{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000043452Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:31.278{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000043451Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:31.278{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000043173Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:30.245{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000043172Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:30.245{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000043171Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:30.239{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000043170Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:30.239{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000043169Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:30.234{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000043166Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:30.222{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000043165Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:30.222{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000043164Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:30.221{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000043163Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:30.220{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000043162Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:30.216{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000042780Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:29.191{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000042779Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:29.191{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000042776Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:29.191{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000042774Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:29.191{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000042773Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:29.191{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000042772Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:29.191{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000042770Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:29.191{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000042769Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:29.191{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000042767Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:29.191{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000042765Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:29.191{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000042593Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:28.185{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000042592Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:28.185{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000042587Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:28.182{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000042586Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:28.181{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000042585Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:28.181{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000042583Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:28.181{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000042581Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:28.181{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000042580Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:28.180{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000042578Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:28.180{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000042576Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:28.179{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000042028Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:27.172{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000042027Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:27.172{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000042023Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:27.170{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000042020Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:27.167{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000042018Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:27.167{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000042017Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:27.167{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000042016Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:27.167{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000042015Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:27.165{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000042014Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:27.165{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000042012Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:27.164{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000041682Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:26.144{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000041681Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:26.144{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000041680Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:26.129{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000041679Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:26.129{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000041678Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:26.129{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000041677Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:26.129{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000041676Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:26.129{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000041675Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:26.129{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000041674Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:26.129{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000041673Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:26.129{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000041602Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:25.082{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000041601Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:25.082{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000041600Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:25.077{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000041599Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:25.077{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000041598Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:25.076{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000041597Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:25.076{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000041596Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:25.076{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000041595Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:25.075{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000041594Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:25.075{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000041593Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:25.074{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000041440Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:24.058{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000041439Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:24.058{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000041438Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:24.058{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000041437Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:24.058{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000041436Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:24.058{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000041435Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:24.058{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000041434Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:24.050{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000041433Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:24.050{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000041432Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:24.050{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000041431Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:24.050{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000041151Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:23.023{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000041150Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:23.023{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000041149Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:23.023{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000041148Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:23.023{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000041147Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:23.023{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000041146Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:23.023{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000041145Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:23.023{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000041144Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:23.023{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000041143Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:23.023{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000041142Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:23.023{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000041068Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:22.015{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000041067Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:22.015{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000041066Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:22.015{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000041065Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:22.015{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000041064Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:22.015{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000041063Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:21.999{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000041062Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:21.999{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000041061Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:21.999{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000041060Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:21.999{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000041059Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:21.999{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040990Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:20.982{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040989Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:20.982{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040988Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:20.982{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040987Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:20.982{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040986Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:20.982{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040985Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:20.982{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040984Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:20.982{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040983Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:20.982{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040982Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:20.982{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040981Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:20.982{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040900Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:19.963{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040899Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:19.963{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040898Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:19.963{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040897Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:19.963{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040896Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:19.963{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040895Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:19.963{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040894Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:19.963{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040893Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:19.963{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040892Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:19.963{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040891Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:19.963{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040801Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:18.927{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040800Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:18.927{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040799Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:18.919{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040798Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:18.919{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040797Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:18.919{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040796Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:18.919{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040795Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:18.919{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040794Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:18.919{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040793Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:18.919{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040792Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:18.919{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040708Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:17.903{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040707Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:17.903{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040706Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:17.901{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040705Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:17.901{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040704Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:17.901{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040703Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:17.900{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040702Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:17.900{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040701Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:17.900{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040700Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:17.900{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040699Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:17.899{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040472Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:16.892{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040471Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:16.892{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040470Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:16.890{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040469Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:16.890{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040468Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:16.890{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040467Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:16.889{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040466Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:16.889{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040465Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:16.889{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040464Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:16.888{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040463Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:16.888{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040295Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:15.878{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040294Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:15.878{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040293Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:15.874{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040292Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:15.874{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040291Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:15.874{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040290Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:15.874{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040289Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:15.873{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040288Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:15.872{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040287Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:15.872{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040286Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:15.871{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040142Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:14.858{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040141Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:14.857{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040137Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:14.855{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040136Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:14.855{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040135Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:14.855{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040134Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:14.854{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040133Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:14.854{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040132Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:14.854{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040131Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:14.853{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040130Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:14.853{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040006Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:13.834{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040005Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:13.834{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040004Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:13.832{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040003Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:13.832{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040002Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:13.832{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040001Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:13.831{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000040000Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:13.831{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039999Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:13.831{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039998Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:13.830{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039997Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:13.830{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039874Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:12.820{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039873Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:12.820{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039872Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:12.818{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039871Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:12.818{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039870Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:12.818{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039869Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:12.817{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039868Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:12.817{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039867Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:12.817{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039866Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:12.816{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039865Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:12.816{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039740Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:11.795{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039739Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:11.795{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039738Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:11.795{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039737Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:11.795{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039736Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:11.795{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039735Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:11.795{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039734Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:11.795{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039733Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:11.795{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039732Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:11.795{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039731Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:11.795{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039609Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:10.778{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039608Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:10.778{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039607Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:10.778{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039606Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:10.778{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039605Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:10.778{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039604Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:10.778{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039603Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:10.778{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039602Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:10.778{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039601Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:10.778{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039600Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:10.778{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039482Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:09.766{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039481Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:09.766{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039480Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:09.766{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039479Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:09.766{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039478Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:09.766{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039477Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:09.766{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039476Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:09.766{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039475Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:09.766{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039474Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:09.766{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039473Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:09.766{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039405Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:08.746{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039404Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:08.746{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039403Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:08.744{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039402Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:08.744{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039401Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:08.743{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039400Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:08.739{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039399Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:08.739{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039398Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:08.739{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039397Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:08.738{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039396Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:08.738{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039326Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:07.710{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039325Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:07.709{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039324Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:07.706{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039323Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:07.706{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039322Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:07.705{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039321Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:07.704{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039320Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:07.704{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039319Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:07.703{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039318Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:07.703{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039317Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:07.703{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039192Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:06.690{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039191Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:06.690{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039190Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:06.687{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039189Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:06.687{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039188Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:06.687{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039187Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:06.686{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039186Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:06.686{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039185Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:06.686{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039184Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:06.685{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039183Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:06.685{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039063Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:05.671{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039062Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:05.671{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039061Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:05.665{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039060Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:05.665{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039059Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:05.665{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039058Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:05.664{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039057Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:05.660{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039056Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:05.658{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039055Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:05.648{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000039054Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:05.647{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038859Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:04.603{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038858Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:04.603{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038857Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:04.603{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038856Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:04.603{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038855Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:04.603{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038854Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:04.603{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038853Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:04.603{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038852Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:04.603{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038851Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:04.603{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038850Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:04.603{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038706Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:03.599{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038705Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:03.599{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038704Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:03.597{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038703Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:03.596{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038702Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:03.596{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038701Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:03.596{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038700Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:03.596{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038699Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:03.595{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038698Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:03.595{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038697Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:03.594{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038451Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:02.576{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038450Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:02.561{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038449Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:02.561{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038448Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:02.561{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038447Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:02.561{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038446Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:02.561{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038445Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:02.561{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038444Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:02.561{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038443Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:02.561{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038442Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:02.561{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038341Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:01.541{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038340Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:01.541{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038339Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:01.541{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038338Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:01.541{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038337Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:01.541{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038336Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:01.541{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038335Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:01.541{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038334Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:01.541{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038333Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:01.541{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038332Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:01.541{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038262Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:00.525{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038261Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:00.525{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038260Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:00.525{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038259Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:00.509{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038258Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:00.509{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038257Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:00.509{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038256Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:00.509{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038255Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:00.509{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038254Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:00.509{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038253Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:00:00.509{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038178Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:59.494{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038177Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:59.494{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038176Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:59.494{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038175Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:59.494{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038174Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:59.494{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038173Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:59.494{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038172Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:59.494{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038171Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:59.494{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038170Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:59.494{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038169Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:59.494{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038068Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:58.464{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038067Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:58.464{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038066Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:58.464{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038065Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:58.464{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038064Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:58.464{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038063Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:58.464{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038062Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:58.464{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038061Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:58.464{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038060Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:58.464{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000038059Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:58.464{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037961Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:57.451{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037960Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:57.451{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037959Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:57.451{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037958Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:57.451{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037957Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:57.451{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037956Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:57.451{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037955Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:57.451{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037954Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:57.451{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037953Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:57.451{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037952Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:57.451{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037882Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:56.446{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037881Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:56.446{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037880Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:56.443{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037879Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:56.443{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037878Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:56.443{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037877Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:56.428{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037876Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:56.428{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037875Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:56.428{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037874Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:56.428{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037873Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:56.428{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037778Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:55.408{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037777Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:55.408{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037776Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:55.408{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037775Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:55.408{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037774Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:55.408{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037773Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:55.408{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037772Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:55.408{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037771Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:55.408{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037770Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:55.408{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037769Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:55.408{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037700Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:54.401{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037699Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:54.401{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037698Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:54.399{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037697Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:54.399{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037696Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:54.399{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037695Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:54.399{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037694Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:54.397{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037693Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:54.397{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037692Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:54.397{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037691Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:54.396{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037622Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:53.382{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037621Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:53.382{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037620Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:53.380{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037619Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:53.380{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037618Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:53.380{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037617Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:53.379{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037616Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:53.379{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037615Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:53.379{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037614Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:53.379{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037613Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:53.378{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037543Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:52.366{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037542Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:52.366{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037541Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:52.366{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037540Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:52.366{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037539Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:52.366{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037538Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:52.366{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037537Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:52.366{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037536Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:52.366{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037535Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:52.366{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037534Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:52.365{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037462Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:51.356{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037461Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:51.356{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037460Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:51.354{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037459Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:51.354{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037458Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:51.354{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037457Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:51.353{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037456Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:51.353{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037455Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:51.353{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037454Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:51.352{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037453Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:51.352{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037384Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:50.314{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037383Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:50.313{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037382Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:50.311{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037381Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:50.311{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037380Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:50.311{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037379Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:50.310{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037378Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:50.310{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037377Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:50.310{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037376Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:50.309{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037375Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:50.308{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037306Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:49.300{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037305Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:49.299{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037304Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:49.295{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037303Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:49.294{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037302Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:49.294{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037301Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:49.294{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037300Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:49.294{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037299Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:49.286{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037298Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:49.285{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037297Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:49.273{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037204Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:48.243{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037203Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:48.243{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037202Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:48.241{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037201Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:48.241{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037200Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:48.241{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037199Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:48.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037198Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:48.232{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037197Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:48.232{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037196Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:48.232{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037195Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:48.232{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037068Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:47.227{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037067Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:47.227{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037066Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:47.226{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037065Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:47.224{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037064Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:47.224{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037063Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:47.224{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037061Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:47.224{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037060Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:47.223{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037059Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:47.223{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000037058Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:47.222{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000036767Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:46.207{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000036766Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:46.207{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000036765Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:46.207{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000036764Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:46.207{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000036763Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:46.191{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000036762Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:46.191{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000036761Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:46.191{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000036760Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:46.191{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000036759Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:46.191{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000036758Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:46.191{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000036631Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:45.173{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000036630Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:45.173{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000036629Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:45.173{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000036628Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:45.173{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000036627Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:45.173{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000036626Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:45.173{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000036625Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:45.173{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000036624Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:45.164{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000036623Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:45.164{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000036622Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:45.164{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000036540Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:44.139{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000036539Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:44.139{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000036538Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:44.139{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000036537Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:44.139{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000036536Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:44.139{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000036535Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:44.139{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000036534Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:44.139{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000036533Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:44.139{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000036532Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:44.139{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000036531Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:44.139{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000036293Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:43.111{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000036292Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:43.111{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000036291Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:43.111{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000036290Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:43.111{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000036289Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:43.111{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000036288Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:43.111{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000036287Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:43.111{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000036286Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:43.111{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000036285Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:43.111{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000036284Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:43.111{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000036099Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:42.090{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000036098Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:42.090{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000036097Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:42.090{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000036096Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:42.090{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000036095Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:42.090{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000036094Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:42.090{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000036093Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:42.090{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000036092Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:42.090{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000036091Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:42.090{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000036090Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:42.090{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000035918Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:41.067{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000035917Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:41.067{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000035916Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:41.067{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000035915Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:41.067{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000035914Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:41.067{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000035913Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:41.067{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000035912Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:41.067{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000035911Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:41.067{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000035910Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:41.067{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000035909Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:41.067{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000035739Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:40.046{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000035738Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:40.046{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000035737Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:40.031{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000035736Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:40.031{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000035735Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:40.031{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000035734Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:40.031{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000035733Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:40.031{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000035732Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:40.031{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000035731Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:40.031{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000035730Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:40.031{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000035539Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:39.010{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000035538Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:39.010{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000035537Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:39.010{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000035536Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:39.010{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000035535Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:39.010{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000035534Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:39.010{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000035533Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:39.010{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000035532Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:39.010{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000035531Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:39.010{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000035530Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:39.010{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000035329Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:37.985{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000035328Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:37.985{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000035327Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:37.985{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000035326Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:37.985{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000035325Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:37.985{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000035324Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:37.985{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000035323Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:37.985{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000035322Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:37.985{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000035321Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:37.985{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000035320Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:37.985{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000035251Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:36.967{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000035250Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:36.967{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000035249Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:36.967{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000035248Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:36.967{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000035247Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:36.967{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000035246Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:36.967{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000035245Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:36.967{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000035244Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:36.967{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000035243Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:36.967{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000035242Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:36.951{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000035162Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:35.937{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000035161Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:35.936{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000035160Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:35.935{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000035159Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:35.935{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000035158Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:35.934{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000035157Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:35.934{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000035156Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:35.931{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000035155Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:35.930{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000035154Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:35.930{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000035153Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:35.928{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000035065Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:34.920{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000035064Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:34.920{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000035063Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:34.918{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000035062Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:34.918{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000035061Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:34.918{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000035060Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:34.917{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000035059Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:34.917{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000035058Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:34.917{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000035057Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:34.916{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000035056Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:34.915{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000034981Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:33.906{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000034980Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:33.905{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000034979Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:33.903{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000034978Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:33.903{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000034977Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:33.903{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000034976Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:33.903{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000034975Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:33.903{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000034974Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:33.902{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000034973Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:33.902{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000034972Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:33.901{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000034881Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:32.890{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000034880Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:32.888{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000034879Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:32.870{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000034878Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:32.870{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000034877Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:32.870{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000034876Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:32.870{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000034875Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:32.870{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000034874Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:32.870{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000034873Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:32.870{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000034872Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:32.870{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000034613Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:31.848{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000034612Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:31.848{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000034611Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:31.848{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000034610Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:31.848{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000034609Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:31.848{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000034608Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:31.848{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000034607Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:31.848{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000034606Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:31.848{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000034605Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:31.848{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000034604Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:31.848{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000034401Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:30.841{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000034400Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:30.841{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000034399Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:30.839{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000034398Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:30.839{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000034397Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:30.839{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000034396Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:30.838{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000034395Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:30.838{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000034394Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:30.838{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000034393Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:30.837{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000034392Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:30.837{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000034171Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:29.821{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000034170Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:29.821{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000034169Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:29.820{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000034168Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:29.818{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000034167Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:29.817{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000034166Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:29.817{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000034165Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:29.817{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000034164Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:29.816{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000034163Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:29.816{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000034162Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:29.815{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000034086Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:28.797{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000034085Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:28.797{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000034084Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:28.797{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000034083Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:28.797{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000034082Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:28.797{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000034081Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:28.797{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000034080Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:28.797{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000034079Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:28.797{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000034078Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:28.797{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000034077Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:28.797{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000034006Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:27.786{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000034005Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:27.786{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000034004Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:27.786{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000034003Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:27.786{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000034002Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:27.786{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000034001Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:27.786{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000034000Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:27.786{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033999Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:27.786{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033998Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:27.786{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033997Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:27.786{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033919Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:26.762{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033918Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:26.762{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033917Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:26.762{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033916Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:26.762{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033915Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:26.762{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033914Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:26.762{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033913Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:26.762{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033912Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:26.762{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033911Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:26.762{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033910Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:26.762{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033838Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:25.740{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033837Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:25.740{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033836Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:25.740{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033835Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:25.740{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033834Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:25.740{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033833Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:25.740{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033832Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:25.740{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033831Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:25.740{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033830Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:25.740{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033829Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:25.740{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033752Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:24.715{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033751Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:24.715{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033750Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:24.715{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033749Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:24.715{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033748Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:24.715{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033747Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:24.715{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033746Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:24.715{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033745Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:24.715{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033744Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:24.715{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033743Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:24.715{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033672Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:23.688{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033671Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:23.688{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033670Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:23.688{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033669Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:23.688{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033668Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:23.688{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033667Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:23.688{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033666Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:23.688{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033665Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:23.688{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033664Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:23.688{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033663Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:23.688{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033596Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:22.667{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033595Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:22.667{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033594Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:22.667{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033593Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:22.667{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033592Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:22.667{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033591Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:22.667{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033590Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:22.667{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033589Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:22.667{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033588Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:22.667{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033587Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:22.667{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033456Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:21.653{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033455Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:21.653{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033454Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:21.651{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033453Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:21.650{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033452Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:21.650{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033451Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:21.650{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033450Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:21.650{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033449Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:21.649{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033448Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:21.649{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033447Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:21.648{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033277Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:20.638{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033276Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:20.638{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033275Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:20.629{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033274Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:20.629{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033273Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:20.629{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033272Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:20.629{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033271Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:20.629{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033270Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:20.629{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033269Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:20.629{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033268Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:20.629{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033122Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:19.611{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033121Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:19.611{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033120Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:19.611{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033119Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:19.611{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033118Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:19.611{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033117Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:19.611{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033116Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:19.611{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033115Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:19.611{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033114Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:19.611{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000033113Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:19.611{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000032929Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:18.599{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000032928Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:18.599{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000032926Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:18.599{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000032925Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:18.599{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000032924Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:18.599{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000032923Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:18.599{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000032922Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:18.599{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000032921Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:18.599{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000032920Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:18.599{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000032919Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:18.599{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000032743Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:17.574{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000032742Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:17.574{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000032741Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:17.571{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000032740Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:17.571{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000032739Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:17.571{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000032738Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:17.570{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000032737Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:17.570{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000032736Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:17.570{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000032735Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:17.569{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000032734Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:17.569{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000032505Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:16.562{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000032504Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:16.562{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000032502Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:16.560{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000032500Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:16.560{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000032499Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:16.560{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000032498Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:16.560{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000032497Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:16.560{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000032496Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:16.558{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000032495Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:16.558{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000032494Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:16.558{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000032242Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:15.550{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000032241Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:15.550{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000032240Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:15.548{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000032239Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:15.548{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000032238Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:15.548{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000032237Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:15.548{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000032236Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:15.547{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000032235Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:15.547{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000032234Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:15.547{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000032233Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:15.546{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000031906Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:14.529{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000031905Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:14.529{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000031904Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:14.529{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000031903Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:14.529{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000031902Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:14.529{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000031901Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:14.529{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000031900Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:14.529{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000031899Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:14.529{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000031898Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:14.529{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000031897Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:14.529{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000031692Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:13.525{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000031691Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:13.525{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000031690Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:13.516{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000031689Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:13.516{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000031688Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:13.516{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000031687Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:13.516{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000031686Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:13.516{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000031685Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:13.516{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000031684Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:13.516{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000031683Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:13.516{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000031499Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:12.499{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000031498Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:12.499{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000031497Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:12.499{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000031496Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:12.499{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000031495Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:12.499{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000031494Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:12.499{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000031493Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:12.499{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000031492Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:12.499{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000031491Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:12.499{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000031490Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:12.499{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000031347Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:11.479{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000031346Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:11.479{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000031345Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:11.479{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000031344Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:11.479{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000031343Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:11.479{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000031342Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:11.479{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000031341Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:11.479{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000031340Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:11.479{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000031339Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:11.479{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000031338Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:11.479{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000031196Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:10.452{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000031195Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:10.452{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000031194Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:10.452{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000031193Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:10.452{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000031192Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:10.452{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000031191Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:10.452{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000031190Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:10.452{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000031189Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:10.452{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000031188Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:10.452{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000031187Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:10.452{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000031061Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:09.432{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000031060Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:09.432{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000031059Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:09.432{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000031058Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:09.432{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000031057Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:09.432{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000031056Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:09.432{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000031055Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:09.432{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000031054Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:09.432{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000031053Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:09.432{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000031052Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:09.432{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030984Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:08.412{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030983Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:08.412{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030982Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:08.412{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030981Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:08.412{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030980Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:08.412{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030979Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:08.412{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030978Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:08.412{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030977Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:08.412{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030976Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:08.412{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030975Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:08.412{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030907Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:07.392{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030906Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:07.392{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030905Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:07.392{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030904Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:07.392{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030903Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:07.392{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030902Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:07.392{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030901Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:07.392{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030900Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:07.392{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030899Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:07.392{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030898Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:07.392{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030827Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:06.367{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030826Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:06.367{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030825Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:06.367{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030824Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:06.367{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030823Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:06.367{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030822Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:06.367{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030821Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:06.367{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030820Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:06.367{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030819Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:06.367{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030818Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:06.367{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030732Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:05.342{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030731Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:05.342{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030728Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:05.342{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030726Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:05.342{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030725Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:05.342{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030724Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:05.342{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030723Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:05.342{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030721Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:05.342{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030720Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:05.342{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030719Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:05.342{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030608Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:04.314{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030607Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:04.314{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030606Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:04.314{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030605Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:04.314{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030604Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:04.314{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030603Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:04.314{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030602Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:04.314{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030601Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:04.314{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030600Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:04.314{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030599Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:04.314{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030530Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:03.301{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030529Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:03.301{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030528Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:03.301{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030527Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:03.301{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030526Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:03.301{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030525Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:03.301{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030524Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:03.301{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030523Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:03.301{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030522Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:03.301{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030521Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:03.301{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030443Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:02.284{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030442Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:02.283{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030441Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:02.281{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030440Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:02.281{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030439Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:02.281{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030438Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:02.280{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030437Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:02.280{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030436Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:02.280{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030435Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:02.280{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030434Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:02.279{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030224Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:01.257{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030223Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:01.257{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030222Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:01.257{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030221Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:01.257{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030220Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:01.257{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030219Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:01.257{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030218Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:01.257{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030217Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:01.257{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030216Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:01.257{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030215Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:01.257{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030140Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:00.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030139Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:00.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030138Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:00.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030137Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:00.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030136Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:00.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030135Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:00.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030134Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:00.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030133Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:00.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030132Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:00.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030131Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:59:00.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030006Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:59.224{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030005Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:59.224{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030004Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:59.224{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030003Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:59.224{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030002Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:59.224{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030001Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:59.224{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000030000Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:59.224{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029999Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:59.224{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029998Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:59.224{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029997Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:59.224{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029897Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:58.209{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029896Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:58.209{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029895Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:58.209{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029894Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:58.209{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029893Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:58.209{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029892Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:58.209{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029891Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:58.209{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029890Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:58.209{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029889Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:58.209{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029888Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:58.209{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029818Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:57.192{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029817Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:57.192{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029816Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:57.192{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029815Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:57.192{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029814Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:57.192{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029813Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:57.192{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029812Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:57.192{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029811Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:57.192{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029810Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:57.192{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029809Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:57.192{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029730Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:56.186{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029729Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:56.186{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029728Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:56.184{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029727Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:56.184{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029726Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:56.184{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029725Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:56.183{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029724Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:56.183{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029723Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:56.183{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029722Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:56.182{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029721Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:56.180{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029632Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:55.161{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029631Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:55.161{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029630Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:55.161{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029629Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:55.161{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029628Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:55.161{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029627Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:55.161{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029626Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:55.161{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029625Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:55.161{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029624Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:55.161{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029623Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:55.152{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029483Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:54.132{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029482Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:54.132{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029481Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:54.132{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029480Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:54.132{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029479Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:54.132{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029478Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:54.132{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029477Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:54.132{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029476Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:54.132{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029475Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:54.132{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029474Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:54.132{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029358Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:53.106{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029357Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:53.106{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029356Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:53.106{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029355Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:53.106{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029354Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:53.106{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029353Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:53.106{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029352Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:53.106{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029351Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:53.106{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029350Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:53.106{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029349Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:53.106{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029276Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:52.083{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029275Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:52.083{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029274Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:52.083{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029273Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:52.083{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029272Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:52.083{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029271Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:52.083{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029270Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:52.083{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029269Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:52.083{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029268Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:52.083{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029267Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:52.083{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029197Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:51.053{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029196Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:51.053{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029195Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:51.053{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029194Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:51.053{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029193Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:51.053{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029192Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:51.053{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029191Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:51.053{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029190Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:51.053{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029189Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:51.053{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029188Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:51.053{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029107Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:50.033{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029106Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:50.033{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029105Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:50.033{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029104Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:50.033{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029103Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:50.033{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029102Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:50.033{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029101Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:50.033{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029100Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:50.033{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029099Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:50.033{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000029098Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:50.033{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000028699Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:49.013{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000028698Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:49.013{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000028697Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:49.013{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2501-000000008A02}6676C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000028696Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:49.013{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000028695Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:49.013{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000028694Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:49.013{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000028693Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:49.013{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000028692Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:49.013{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000028691Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:49.013{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000028690Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:49.013{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000028689Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:49.013{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000028682Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:47.989{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000028681Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:47.989{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000028680Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:47.989{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2501-000000008A02}6676C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000028679Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:47.989{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000028678Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:47.989{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000028677Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:47.989{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000028676Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:47.989{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000028675Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:47.989{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000028674Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:47.989{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000028673Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:47.989{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000028672Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:47.989{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000028662Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:46.984{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000028661Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:46.984{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000028660Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:46.984{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2501-000000008A02}6676C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000028659Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:46.975{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000028658Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:46.975{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000028657Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:46.975{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000028656Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:46.975{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000028655Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:46.975{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000028654Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:46.975{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000028653Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:46.975{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000028652Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:46.975{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000028585Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:45.962{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000028584Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:45.962{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000028583Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:45.962{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2501-000000008A02}6676C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000028582Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:45.962{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000028581Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:45.962{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000028580Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:45.962{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000028579Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:45.962{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000028578Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:45.962{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000028577Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:45.962{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000028576Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:45.962{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000028575Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:45.962{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000027926Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:44.951{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2601-000000008A02}6448C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000027922Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:44.935{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8084-635A-2501-000000008A02}6676C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000027917Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:44.935{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000027916Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:44.935{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000027915Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:44.935{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000027914Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:44.935{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000027913Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:44.935{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000027912Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:44.935{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000027911Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:44.935{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000027910Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:44.935{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000027474Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:43.924{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000027473Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:43.924{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000027471Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:43.924{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000027470Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:43.923{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000027469Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:43.923{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000027468Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:43.923{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000027467Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:43.922{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000027466Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:43.922{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000027155Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:42.909{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000027153Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:42.909{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000027152Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:42.909{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000027151Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:42.908{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000027150Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:42.908{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000027149Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:42.908{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000027148Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:42.907{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000027146Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:42.906{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000026880Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:41.884{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000026879Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:41.884{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000026878Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:41.884{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000026877Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:41.884{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000026876Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:41.884{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000026875Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:41.884{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000026874Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:41.884{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000026873Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:41.884{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000026799Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:40.854{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000026798Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:40.854{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000026797Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:40.854{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000026796Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:40.854{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000026795Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:40.854{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000026794Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:40.854{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000026793Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:40.854{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000026792Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:40.854{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000026788Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:39.836{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000026787Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:39.836{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000026786Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:39.836{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000026785Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:39.836{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000026784Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:39.836{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000026783Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:39.836{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000026782Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:39.836{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000026781Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:39.836{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000026758Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:38.821{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000026757Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:38.821{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000026755Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:38.821{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000026754Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:38.820{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000026753Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:38.819{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000026752Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:38.819{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000026751Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:38.819{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000026750Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:38.818{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 734700x800000000000000026738Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:37.792{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\ntmarta.dll10.0.14393.1378 (rs1_release.170620-2008)Windows NT MARTA providerMicrosoft® Windows® Operating SystemMicrosoft Corporationntmarta.dllMD5=42413E3092F5AE88247827FE65C55601,SHA256=C5DD44F462B2C1AFED3C7FF9FD5102B9DE8434333679CB6C8FDFEB9217C69B07,IMPHASH=6D13CFF8D69236E816F0FF58801FB3BEtrueMicrosoft WindowsValid 734700x800000000000000026737Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:37.789{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\msasn1.dll10.0.14393.0 (rs1_release.160715-1616)ASN.1 Runtime APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationmsasn1.dllMD5=5E8336C79BE0C2F1080B575E434DD0E4,SHA256=FB7EB70237B5897F875CE8786C26E09F61120DB4A91376A65433EEDCFA634A11,IMPHASH=72645B79B3F36D7DD23879EC939355AEtrueMicrosoft WindowsValid 10341000x800000000000000026736Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:37.797{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000026735Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:37.797{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000026734Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:37.797{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 734700x800000000000000026733Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:37.788{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\crypt32.dll10.0.14393.5427 (rs1_release.220929-2054)Crypto API32Microsoft® Windows® Operating SystemMicrosoft CorporationCRYPT32.DLLMD5=13547939C72439809CB44F4D6A692555,SHA256=5334C1DDE63B42864FAD8B08EA747BE1209B54E705996DDA73D7B4E4F697761C,IMPHASH=3B7148B202E165B9B54CE80B989E47E8trueMicrosoft WindowsValid 10341000x800000000000000026732Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:37.797{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000026731Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:37.797{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000026730Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:37.797{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000026729Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:37.797{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000026728Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:37.797{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 734700x800000000000000026727Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:37.797{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\dwmapi.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft Desktop Window Manager APIMicrosoft® Windows® Operating SystemMicrosoft Corporationdwmapi.dllMD5=F6B687A32ABAE8BE3B02C122B58D952F,SHA256=DF763BDC4348BBEA93375263BF88E0BCD1267C58FC0F6E994F6D778D302DDE85,IMPHASH=60EA58ED63BD25EC1709F72F112B0086trueMicrosoft WindowsValid 734700x800000000000000026724Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:37.797{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\msctf.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)MSCTF Server DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationMSCTF.DLLMD5=AC951CC1306C73767A05F04BFC916CD8,SHA256=5FE28B70168433EF1C6DDE3CB1BE43A1A614508C37BC9C32F2051E5BA341C6C3,IMPHASH=EF37C47ACC74D5DC3737EEE137193A8DtrueMicrosoft WindowsValid 734700x800000000000000026722Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:37.765{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\iertutil.dll11.00.14393.5427 (rs1_release.220929-2054)Run time utility for Internet ExplorerInternet ExplorerMicrosoft CorporationIeRtUtil.dllMD5=350591E5AAD9F791EB4309D819A2DFD3,SHA256=99F3715C57336E3589CEF4BE4A6777634CC9DC46840305DFC6233946BEC79CED,IMPHASH=B1175218A8304DF3BD6BF43A45EE8073trueMicrosoft WindowsValid 734700x800000000000000026719Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:37.769{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\uxtheme.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft UxTheme LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationUxTheme.dllMD5=E1A1B98F2AD180FA2117A56D869E5830,SHA256=2D9711E9D549CCB441EF21F72F08FB4EACD5F2990193C6FFFC7E7AC92FA6E670,IMPHASH=1FCD5DF5B3D97346B0A828B1CFDB1ED1trueMicrosoft WindowsValid 734700x800000000000000026718Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:37.729{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\urlmon.dll11.00.14393.5356 (rs1_release.220906-1211)OLE32 Extensions for Win32Internet ExplorerMicrosoft CorporationUrlMon.dllMD5=0BBB3D660FE02B48D0C20917BE94F027,SHA256=250FC3A792D98F55E2505EDE57D69DFE5D415997ACFB80EA5D57C700CCD464D4,IMPHASH=A8C982C1E8CF4134B4F2115A6232000DtrueMicrosoft WindowsValid 734700x800000000000000026717Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:37.689{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\wininet.dll11.00.14393.5127 (rs1_release_inmarket.220514-1756)Internet Extensions for Win32Internet ExplorerMicrosoft Corporationwininet.dllMD5=F109FD19546BE93A10E690A75AB76CD0,SHA256=7C7C07F1D80F8320F929896597A7F903E565E2090110B6531D393AD0D3EB66E7,IMPHASH=6BB04210898C6D83772D571885398917trueMicrosoft WindowsValid 734700x800000000000000026704Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:37.505{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\samlib.dll10.0.14393.4530 (rs1_release.210705-0736)SAM Library DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSAMLib.DLLMD5=1029851F233A4FFD537D7B924F6078E9,SHA256=48FAA459585093FD2423A991B264219E5D7E0D37328D5CE6BDA917AB02607E31,IMPHASH=2A11EEDCDACA5CF22ED5A9A77F30DC4CtrueMicrosoft WindowsValid 734700x800000000000000026703Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:37.505{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\wtsapi32.dll10.0.14393.0 (rs1_release.160715-1616)Windows Remote Desktop Session Host Server SDK APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationwtsapi32.dllMD5=55D5450C85C0A0DE8F2A22F2C0C816AE,SHA256=3CF7B03BEB7C47157C47EACEBFB731096468D1D25FF6784485EFD2FB806C4C5E,IMPHASH=62E80DE569E3D2B9A30E859918635AC7trueMicrosoft WindowsValid 734700x800000000000000026699Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:37.505{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\winsta.dll10.0.14393.0 (rs1_release.160715-1616)Winstation LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationwinsta.dllMD5=74261D485681A12AFF1AD517FD0EF200,SHA256=DEC3B7B1EBF3F7F4940FE63D665E2C50F6447C848C35C64B1BDE446E04358480,IMPHASH=A92DB75F144155161CE7994504E7528FtrueMicrosoft WindowsValid 734700x800000000000000026685Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:37.489{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=89AC96525FB527CDF4FFDCDF657A3923,SHA256=737BC5E7586D9AB6306949B1470DB3DBE576638A010EEF7A297126BE30841C2F,IMPHASH=844732D10340F10C1E97778BA10CF30EtrueMicrosoft WindowsValid 734700x800000000000000026684Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:37.489{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\userenv.dll10.0.14393.4583 (rs1_release.210730-1850)UserenvMicrosoft® Windows® Operating SystemMicrosoft Corporationuserenv.dllMD5=53FEB2DF5A3001CEE00158E46CF1F1C2,SHA256=9D4DC493975065C4595DB62DCB0828631D9CF6019C9A82AA0384D65A8E6A62C7,IMPHASH=46FAD5286B22154C348CEBCE1107AFECtrueMicrosoft WindowsValid 734700x800000000000000026683Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:37.489{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\bcrypt.dll10.0.14393.4583 (rs1_release.210730-1850)Windows Cryptographic Primitives Library (Wow64)Microsoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=80F9B9D2B1258D35F129D9210DC9CE20,SHA256=9653E29AA9499123EBFA49C4BA69E345F8A10029B00B790946DDFE040436EF6D,IMPHASH=61592743BFAEF2F12950E5420FA2AEB1trueMicrosoft WindowsValid 734700x800000000000000026682Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:37.489{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\wkscli.dll10.0.14393.5066 (rs1_release.220401-1841)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=97FF7E9EC6FCEA3BFF925EF0B3D2C2A0,SHA256=58F5AE5BF2EFC87F15BF756F6E9F9F015EF5982BE6116B7D6E74CD9DDA5B3E7A,IMPHASH=CE8BC9B3664FDF4538851BFF6C6D25A5trueMicrosoft WindowsValid 734700x800000000000000026681Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:37.489{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\logoncli.dll10.0.14393.5427 (rs1_release.220929-2054)Net Logon Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationLOGONCLI.DLLMD5=2FC58E28A22581D66092837503A7FF8D,SHA256=21FEEDFA03D9DFBE623AD1F94311064902A292F39E30FF164F18AF40752FCC12,IMPHASH=343CD4C5D9D6DE17581010BBB9270B57trueMicrosoft WindowsValid 734700x800000000000000026680Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:37.489{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=A612555310B7F2A688FA57C7C10615BC,SHA256=028B8BA6A6CF74776C8E4F7485BB7973DE25242F292F837D78AB9CFCC3E8AC90,IMPHASH=158FC41AF95869DAD152F6AD98D3B1B5trueMicrosoft WindowsValid 734700x800000000000000026679Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:37.489{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\samcli.dll10.0.14393.0 (rs1_release.160715-1616)Security Accounts Manager Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSAMCLI.DLLMD5=F67DFB27AACE637BEA56D3EB0726B943,SHA256=3663C2F3579BEBAF433AF101902ADA3FF87A3A6005F0AF77D1894458286E3656,IMPHASH=82F8D10D6DD61C5D488E58E1BB2A29CEtrueMicrosoft WindowsValid 734700x800000000000000026678Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:37.474{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\srvcli.dll10.0.14393.5066 (rs1_release.220401-1841)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=ABB61EA7CC462930FB56C2D004A5B06C,SHA256=7C1525EEFF5357013C68BDDAB2F255E40C8D82A43EF05F374B8DE7D8B5247711,IMPHASH=B1A124F5ECF68D9AFF86BEE7BFF328D4trueMicrosoft WindowsValid 734700x800000000000000026677Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:37.474{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\netapi32.dll10.0.14393.5427 (rs1_release.220929-2054)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=3AF8578D70A29700B850B6E3AE16707C,SHA256=B8A4643A53617A2CC849B1CB520F59C51BB9B2D17EB51CF92AAE7779AAE642F3,IMPHASH=BECD21EE9D727374BFBE0E55EC100256trueMicrosoft WindowsValid 734700x800000000000000026676Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:37.474{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\ole32.dll10.0.14393.5127 (rs1_release_inmarket.220514-1756)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=33842D2EF1AFD0E94F73E24E55724418,SHA256=EBD2C419EB5B75270E1CC6F80FABD899C8F7B787F742CF3B0F608BB807197DF1,IMPHASH=6FE75EB0A263DD16629B09AECE416B36trueMicrosoft WindowsValid 734700x800000000000000026675Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:37.474{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\profapi.dll10.0.14393.0 (rs1_release.160715-1616)User Profile Basic APIMicrosoft® Windows® Operating SystemMicrosoft CorporationPROFAPI.DLLMD5=CA6447DDCA724F0C5C0CAFDE184EFE64,SHA256=F9664337B60A332571FCA81CC3E6DD194DCE20C8546980FD283CA892D0CC873C,IMPHASH=6E3C4DB87F2B77C788E86C1A678A8D0DtrueMicrosoft WindowsValid 734700x800000000000000026674Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:37.474{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=4BA1C50E6607AE70495B58874963B901,SHA256=72BBBB4145E058C3B12504AC0EC128CD44E282D40959D018192899276A2B9C69,IMPHASH=9F60CD6001B5CEA647B250DFF3B6F65AtrueMicrosoft WindowsValid 734700x800000000000000026673Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:37.474{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\shlwapi.dll10.0.14393.5427 (rs1_release.220929-2054)Shell Light-weight Utility LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationSHLWAPI.DLLMD5=827CF4DF011EA7BAF277BBA7E74F262E,SHA256=9C9BBF48DC43E2C405C04BE00DF600989093BBCD6CC7FD66CE8BEA97EC7D8499,IMPHASH=2D7046CEF5DEEA9D960D37CB0A98F146trueMicrosoft WindowsValid 734700x800000000000000026672Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:37.474{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\powrprof.dll10.0.14393.0 (rs1_release.160715-1616)Power Profile Helper DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationPOWRPROF.DLLMD5=A6F22CA344FD1B7D75D49ECC718693C8,SHA256=C7787F59263B7D5246B931531AB4DC4C430E1BF8260775B7A751D4994A5D3489,IMPHASH=689E2A5805AE9CF0919D2DDDDDC411CCtrueMicrosoft WindowsValid 734700x800000000000000026671Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:37.474{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\windows.storage.dll10.0.14393.5427 (rs1_release.220929-2054)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=C6546AC6C60F9CCBB2152397535E7546,SHA256=ABD5F8EB2A0EA16D6DECE48467E246EE3413C78E48E44A7F5935D11A2884E847,IMPHASH=9D339EEAB735596FA7DC404B5B56A994trueMicrosoft WindowsValid 734700x800000000000000026670Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:37.474{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\cfgmgr32.dll10.0.14393.0 (rs1_release.160715-1616)Configuration Manager DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationCFGMGR32.DLLMD5=90A1CD387F9CB30F86D34B88BFCD83A1,SHA256=5F6CE9777CDC7B0A0E98C90709C41C379415DBA654A39B332BB683A7F2B86E97,IMPHASH=07C997EFB887CE39B75B7896A20F5FFBtrueMicrosoft WindowsValid 734700x800000000000000026669Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:37.474{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\shell32.dll10.0.14393.5427 (rs1_release.220929-2054)Windows Shell Common DllMicrosoft® Windows® Operating SystemMicrosoft CorporationSHELL32.DLLMD5=05685D846954E1BDD621868E96488B6C,SHA256=D628EDE3BE96C118FFD69A1ED3FB47BA475B7C304C20CA47D80421F5FA466522,IMPHASH=F1F88F7EE16DD2A229F2F5159DB8928BtrueMicrosoft WindowsValid 734700x800000000000000026668Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:37.458{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\wer.dll10.0.14393.4704 (rs1_release.211004-1917)Windows Error Reporting DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationwer.dllMD5=17C5BB60A7455226715371A1DC25A587,SHA256=FCA2EDB4A374DB7A7542F6B60A4DEC4AD85B2727F1126E6836C63304B14C672F,IMPHASH=D0C91048765E6467DBA89828357957CFtrueMicrosoft WindowsValid 734700x800000000000000026667Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:37.474{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\imm32.dll10.0.14393.0 (rs1_release.160715-1616)Multi-User Windows IMM32 API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationimm32MD5=203F58BA41B48A59D6A047E0233DB422,SHA256=4204F7C2B4E13AA3819A180FACA724435F6400FE97D2EF6C74634A0D7E51F7F3,IMPHASH=EA6E499F92F9040E9609EFDC47BE01FEtrueMicrosoft WindowsValid 734700x800000000000000026666Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:37.474{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=AF2A9437F3AED2E8254B7E1EB6E96782,SHA256=D8F3C957BDBD9DB510E71B07CDE1B446491D4DC520787548060B3AAD1324C62A,IMPHASH=5D2578ED274AAD83C30A3917C98404EEtrueMicrosoft WindowsValid 734700x800000000000000026665Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:37.458{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=318804DFF282AE5C2FEF5577057CB913,SHA256=A65C5C3F38A793F0C59C1A4553940D6D236CE2BC3380898E865BF0E1F80FEE8C,IMPHASH=5D92B73B6930EFBC71A36B7FEF62DF62trueMicrosoft WindowsValid 734700x800000000000000026664Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:37.458{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\gdi32full.dll10.0.14393.5427 (rs1_release.220929-2054)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=E230B8A7225E6727EC1886846413A54D,SHA256=2ABEF9C7B0EFD58B1CDA5B3C4D784F007C631329FC452E780105D35217A40497,IMPHASH=E698C8E2E06172CDB524686FF10A5C5EtrueMicrosoft WindowsValid 734700x800000000000000026663Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:37.458{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=E9E209227AF7EFBFDAAA0B932251486D,SHA256=639DD063669F506790DA8C940E3BEBE4F7CF31668260F94CF5A67C93021D2BDF,IMPHASH=25AFDCBDCE8BEB6A7109D378495BE552trueMicrosoft WindowsValid 734700x800000000000000026662Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:37.458{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_c58df2c997bddaf8\comctl32.dll6.10 (rs1_release.210107-1130)User Experience Controls LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationcomctl32.DLLMD5=9BA49461346F5B2DAFE81E401E884241,SHA256=297B46C95521B8EB59B3793F0ED2736F39C495D2C3D622638EE9205F53E69EFD,IMPHASH=3546967BD7A83D49718BE45FB48403B5trueMicrosoft WindowsValid 734700x800000000000000026661Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:37.458{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\advapi32.dll10.0.14393.5427 (rs1_release.220929-2054)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=C830A662D2219E9BFB13ED2894026915,SHA256=CB8048F560CC4FF567D2A8C2657004E70902855CCA50B4705A8053587E1ED007,IMPHASH=533BC84A1EC4841BF15F5E4FF63A29F1trueMicrosoft WindowsValid 734700x800000000000000026660Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:37.396{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\SHCore.dll10.0.14393.5066 (rs1_release.220401-1841)SHCOREMicrosoft® Windows® Operating SystemMicrosoft CorporationSHCORE.dllMD5=80EE5186671CE3551034147EB20E8D5A,SHA256=4004CA1A47FE31D95444872D19BEA51A83472528001B3E8EC18BA0C843199AE9,IMPHASH=6DF3E31673D2CCEDABFBE5A79390B72DtrueMicrosoft WindowsValid 734700x800000000000000026659Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:37.396{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=7BC54AA66588A3DF7B1448A4493C6663,SHA256=9CB1BA7C092164DAA14E21454606905E294D137AD72158F92A666077D7CF1946,IMPHASH=2DCB08A6E31A83C3EA33C5793EFA9A56trueMicrosoft WindowsValid 734700x800000000000000026658Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:37.396{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=0D885953D657434CA5015545A364BDB9,SHA256=1D29921E136F84B4CA9F1EBD646CFFF4571EA805A6CC5BC1F7C7784CC3246088,IMPHASH=76F056ED62EDF4D48793D8C5EDA733ADtrueMicrosoft WindowsValid 734700x800000000000000026657Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:37.396{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\sechost.dll10.0.14393.5006 (rs1_release.220301-1704)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=495127E6E6D5CAEDE18A809EAEFFC349,SHA256=9F621D36BCD75AE97E1BCBA9BBFD75FEC74C6CA87AEF81F3190173CBF7CC2A45,IMPHASH=C3B61C1F5D46A607D624033E7094E4FFtrueMicrosoft WindowsValid 734700x800000000000000026656Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:37.396{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\bcryptprimitives.dll10.0.14393.4770 (rs1_release.211101-1440)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=6215B591FCA75825262B29613A48836C,SHA256=B34EED73CE76E4AA1A0812E9BE1AE093549B164341F988CA877E27E545C3C1B8,IMPHASH=918DADABE6E41CFBB03F954A46D3F72EtrueMicrosoft WindowsValid 734700x800000000000000026655Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:37.396{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=3D4308BAC53B881B16D9BD1006ABDC65,SHA256=26DF85FC22F9FCAA2212CB66612FE8F5CC6382953FE81B9C34128E43080C7891,IMPHASH=C7D6B46400E43E7BE538D1CCB512EC25trueMicrosoft WindowsValid 734700x800000000000000026654Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:37.396{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\sspicli.dll10.0.14393.5427 (rs1_release.220929-2054)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecurity.dllMD5=B422D6D349B239AA5DA5B66297A085B3,SHA256=3708B080455F4563B863211A4D602AE11CEBDEB94C8846EE580503C4F4A4DFE7,IMPHASH=AC11100B3FFA7FCAFA188E618E4C7CC1trueMicrosoft WindowsValid 734700x800000000000000026653Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:37.396{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\rpcrt4.dll10.0.14393.5291 (rs1_release.220806-1444)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=C6EE0DB29435BF41835FFA96EB2F14C5,SHA256=CAF9E05D47F84728986E1BF563B3B87FAF3522F4E0CC4FD95694F418C307AD92,IMPHASH=DFB6F6F4811855AE14F8E8492E1C602FtrueMicrosoft WindowsValid 734700x800000000000000026652Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:37.396{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=F058FE3C5E3DEF875A654A18551D88E5,SHA256=78DC0394AA359DBD2EB8BE7F13FEDF0478C8AA55785712B358FAC1C97D051B87,IMPHASH=44F906D172B935DEA0C5D038C6FA8449trueMicrosoft WindowsValid 734700x800000000000000026651Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:37.396{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\combase.dll10.0.14393.5427 (rs1_release.220929-2054)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=6A51D4762C9E3554953ABBB5AA1A4050,SHA256=12422A5E2171851EC8ADADD11313F9E74310F137CE60C3E547EFC658A52BCEF8,IMPHASH=7E0E904C0FD68DBF5F794D700C0C3C3DtrueMicrosoft WindowsValid 734700x800000000000000026650Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:37.396{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=F3B7F231407DD207CABC94C9347984AC,SHA256=053A1D95EEB426416278D2AD7D584FDD984A8B445CC88B46785AB8666383FB0B,IMPHASH=B5CBF1B1B5086E2C500FD84325E04D44trueMicrosoft WindowsValid 734700x800000000000000026649Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:37.396{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\KernelBase.dll10.0.14393.5427 (rs1_release.220929-2054)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=40609845B5F71A923CADA8E9BE0DBCD3,SHA256=4A37BC90B133F9E768570F8DD15ACFB242D766D91161ED927EB6D059E8A1E026,IMPHASH=C3A947E86E0B67FAA3B0B56CC5C7BCA6trueMicrosoft WindowsValid 734700x800000000000000026648Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:37.380{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\wermgr.exe10.0.14393.4104 (rs1_release.201202-1742)Windows Problem ReportingMicrosoft® Windows® Operating SystemMicrosoft CorporationWerMgrMD5=931F41EAEE541F2E9071259D9D3D6409,SHA256=34E2C1A23BDF5E1CCA13A6FEEC48771CC53196A07E70DA5672C7E11B1066C311,IMPHASH=04282AE0621917BED5ED5B241C6F586CtrueMicrosoft WindowsValid 734700x800000000000000026647Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:37.396{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\kernel32.dll10.0.14393.5427 (rs1_release.220929-2054)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=E7250A347FA497C9A44FA84493C36B4C,SHA256=3187F14835C7B9184DC17D69310E180A48A11DB29101F2866B84B1708252B121,IMPHASH=EAF4CC449835E7A81A8EEFEBEB2E8FC7trueMicrosoft WindowsValid 734700x800000000000000026646Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:37.396{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\System32\wow64cpu.dll10.0.14393.3503 (rs1_release.200131-0410)AMD64 Wow64 CPU Microsoft® Windows® Operating SystemMicrosoft Corporationwow64cpu.dllMD5=C1F2078639481364EA3FDD10CBEB1A18,SHA256=B63E6DC0B3D7ABA9CB95929A1A360208A570CB2072474276F649B68F1AC8DC82,IMPHASH=15CD876FB3F6EC97A2F7466360415F86trueMicrosoft WindowsValid 734700x800000000000000026645Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:37.396{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000026644Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:37.396{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\System32\kernel32.dll10.0.14393.5427 (rs1_release.220929-2054)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=800CA8E5D4ABA626E6E7043CB42DF86D,SHA256=874CA13B41198861EE041925482D7F7DC1E2AD03986BA95F5428127CE50D8279,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000026643Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:37.396{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\kernel32.dll10.0.14393.5427 (rs1_release.220929-2054)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=E7250A347FA497C9A44FA84493C36B4C,SHA256=3187F14835C7B9184DC17D69310E180A48A11DB29101F2866B84B1708252B121,IMPHASH=EAF4CC449835E7A81A8EEFEBEB2E8FC7trueMicrosoft WindowsValid 734700x800000000000000026642Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:37.396{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\System32\kernel32.dll10.0.14393.5427 (rs1_release.220929-2054)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=800CA8E5D4ABA626E6E7043CB42DF86D,SHA256=874CA13B41198861EE041925482D7F7DC1E2AD03986BA95F5428127CE50D8279,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000026641Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:37.396{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\System32\wow64win.dll10.0.14393.3383 (rs1_release.191125-1816)Wow64 Console and Win32 API LoggingMicrosoft® Windows® Operating SystemMicrosoft Corporationwow64lg2.dllMD5=62DEBA17D0A26B352F1C3F02144BC6EA,SHA256=5A1C08FE318942CB31048DBD641E25610DE842E34470B3E54FEDCA4E2642D4E0,IMPHASH=3045357B61B63AEF6CBCD96F2FA7E9D8trueMicrosoft WindowsValid 734700x800000000000000026640Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:37.396{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\System32\wow64.dll10.0.14393.3503 (rs1_release.200131-0410)Win32 Emulation on NT64Microsoft® Windows® Operating SystemMicrosoft Corporationwow64.dllMD5=447615F19DAAFF9C308370C59F493BF8,SHA256=45ED2009CEEB249BBF518B958AF02B97E667DB68C9B6D65642E69E9B0300CF5D,IMPHASH=03B9E38A9E88FDC66380837CCC8647FAtrueMicrosoft WindowsValid 734700x800000000000000026639Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:37.380{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\SysWOW64\ntdll.dll10.0.14393.5427 (rs1_release.220929-2054)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=008C343519B7638AEF1FBFD9DF26BC22,SHA256=9C5B8ED8542367D1DC5625AD5544C68ABB63C80887F2F448506581B32AA34CE5,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000026638Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 12:58:37.380{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeC:\Windows\System32\ntdll.dll10.0.14393.5427 (rs1_release.220929-2054)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=6E3E284D0AE13742E3057662A1463299,SHA256=A2C89978022CD2CB5FC62435C955CC84DEF43B7E9A8010E998F8826DD44FB176,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid